Publication Details
Alina Hang, Alexander De Luca, Heinrich Hussmann
I Know What You Did Last Week! Do You? Dynamic Security Questions for Fallback Authentication on Smartphones. In Proceedings of the 33rd SIGCHI Conference on Human Factors in Computing Systems (CHI '15). Seoul, Korea, April 18 - April 23, 2015. ACM, New York, NY, USA.
In this paper, we present the design and evaluation of dynamic security questions for fallback authentication. In case users lose access to their device, the system asks questions about their usage behavior (e.g. calls, text messages or app usage). We performed two consecutive user studies with real users and real adversaries to identify questions that work well in the sense that they are easy to answer for the genuine user, but hard to guess for an adversary. The results show that app installations and communication are the most promising categories of questions. Using three questions from the evaluated categories was sufficient to get an accuracy of 95.5% - 100%.