Security questions are one of the mechanisms used to recover passwords.
Strong answers to security questions (i.e. high entropy) are hard for attackers
to guess or obtain using social engineering techniques (e.g. monitoring of
social networking profiles), but at the same time are difficult to remember.
In contrast, weak answers to security questions (i.e. low entropy) are easy to
remember, but are more vulnerable to cyber-attacks. Convenience leads
users to use the same answers to security questions on multiple accounts, which
exposes these accounts to numerous cyber-threats. Hence, current security
question implementations rarely meet the required levels of security and
memorability. This research study is the first step in the development of a
model which investigates the determinants that influence users' behavioural
intentions through motivation to select strong and memorable answers to
security questions. This research also provides design recommendations for
novel security question mechanisms.

Comment: 11, Australasian Conference on Information Systems, 201