Sciweavers

DIM
2008
ACM

Quantifying the security of preference-based authentication

14 years 2 months ago
Quantifying the security of preference-based authentication
We describe a technique aimed at addressing longstanding problems for password reset: security and cost. In our approach, users are authenticated using their preferences. Experiments and simulations have shown that the proposed approach is secure, fast, and easy to use. In particular, the average time for a user to complete the setup is approximately two minutes, and the authentication process takes only half that time. The false negative rate of the system is essentially 0% for our selected parameter choice. For an adversary who knows the frequency distributions of answers to the questions used, the false positive rate of the system is estimated at less than half a percent, while the false positive rate is close to 0% for an adversary without this information. Both of these estimates have a significance level of 5%. Categories and Subject Descriptors K.6.5 [Management of Computing and Information Systems]: Security and Protection--Authentication General Terms Security, Design, Experi...
Markus Jakobsson, Liu Yang, Susanne Wetzel
Added 19 Oct 2010
Updated 19 Oct 2010
Type Conference
Year 2008
Where DIM
Authors Markus Jakobsson, Liu Yang, Susanne Wetzel
Comments (0)