Changing users' security behaviour towards security questions: A game based learning approach

Fallback authentication is used to retrieve forgotten passwords. Security questions are one of the main techniques used to conduct fallback authentication. In this paper, we propose a serious game design that uses system-generated security questions with the aim of improving the usability of fallback authentication. For this purpose, we adopted the popular picture-based "4 Pics 1 word" mobile game. This game was selected because of its use of pictures and cues, which previous psychology research found to be crucial to aid memorability. This game asks users to pick the word that relates to the given pictures. We then customized this game by adding features which help maximize the following memory retrieval skills: (a) verbal cues - by providing hints with verbal descriptions, (b) spatial cues - by maintaining the same order of pictures, (c) graphical cues - by showing 4 images for each challenge, (d) interactivity/engaging nature of the game.Comment: 6, Military Communications and Information Systems Conference (MilCIS), 2017. arXiv admin note: substantial text overlap with arXiv:1707.0807

A Model for Enhancing Human Behaviour with Security Questions: A Theoretical Perspective

Security questions are one of the mechanisms used to recover passwords. Strong answers to security questions (i.e. high entropy) are hard for attackers to guess or obtain using social engineering techniques (e.g. monitoring of social networking profiles), but at the same time are difficult to remember. Instead, weak answers to security questions (i.e. low entropy) are easy to remember, which makes them more vulnerable to cyber-attacks. Convenience leads users to use the same answers to security questions on multiple accounts, which exposes these accounts to numerous cyber-threats. Hence, current security questions implementations rarely achieve the required security and memorability requirements. This research study is the first step in the development of a model which investigates the determinants that influence users' behavioural intentions through motivation to select strong and memorable answers to security questions. This research also provides design recommendations for novel security questions mechanisms.Comment: 11, Australasian Conference on Information Systems, 201

Reflections on Soviet New Thinking on Security Questions

These are momentous times. It does not take a Toynbee to grasp that we are living in a period when great empires, built on the blood, the sacrifice, the lives of millions of martyrs and victims, are beginning to crack at the seams

Generating repudiable, memorizable and privacy preserving security questions using the Propp Theory of Narrative

 Security questions are often based on personal information that is limited in variety, available in the public record and very difficult to change if compromised. A personalized folktale shared only by the communicating parties provides memorizable basis for individualized security questions that can be readily replaced in the event of a security breach. We utilize the Propp theory of narrative to provide a basis of abstraction for story generation systems. We develop a proof-of-concept system based on placeholder replacement to demonstrate the generation of repudiate and memorizable questions and answers suitable for online security questions. A 3-component protocol is presented that demonstrates the use of this process to derive a shared secret key through privacy amplification. This combination of story generation and communication security provides the basis for improvements in current security question practice

A Serious Game Design: Nudging Users’ Memorability of Security Questions

Online review communities thrive on contributions from different reviewers, who exhibit a varying range of community behaviors. However, no attempt has been made in the IS literature to cluster behavioral patterns across a reviewer population. In this paper, we segment the reviewers of a popular review site (Yelp) using two-step cluster analysis based on four key attributes (reviewer involvement, sociability, experience, and review quality), resulting in three distinct reviewer segments - Enthusiasts, Adepts, and Amateurs. We also compare the propensity of receiving community recognition across these segments. We find that the Enthusiasts, who show high involvement and sociability, are the most recognized. Surprisingly, the Adepts, who are high on review quality, are the least recognized. The study is a novel attempt on reviewer segmentation and provides valuable insights to the community managers to customize strategies to increase productivity of different segments