A study in authentication via electronic personal history questions

Nosseir, A. and Terzis, S.; Cordeiro, Jose, ed. (2010) A study in authentication via electronic personal history questions. In: Proceedings of the 12th International Conference on Enterprise Information Systems. UNSPECIFIED, PRT, pp. 63-70. (http://www.cis.strath.ac.uk/cis/research/publicati...)

[thumbnail of ICEIS_Paper_CR.pdf] PDF. Filename: ICEIS_Paper_CR.pdf
Accepted Author Manuscript
Restricted to Registered users only

Download (492kB) | Request a copy

Abstract

Authentication via electronic personal history questions is a novel technique that aims to enhance questionbased authentication. This paper presents a study that is part of a wider investigation into the feasibility of the technique. The study used academic personal web site data as a source of personal history information, and studied the effect of using an image-based representation of questions about personal history events. It followed a methodology that assessed the impact on both genuine users and attackers, and provides a deeper insight into their behaviour. From an authentication point of view, the study concluded that (a) an imagebased representation of questions is certainly beneficial; (b) a small increase in the number of distracters/options used in closed questions has a positive effect; and (c) despite the closeness of the attackers their ability to answer correctly with high confidence questions about the genuine users’ personal history is limited. These results are encouraging for the feasibility of the technique.

ORCID iDs

Nosseir, A. and Terzis, S. ORCID logoORCID: https://orcid.org/0000-0002-5061-9923; Cordeiro, Jose