Designing challenge questions for location‐based authentication systems: a real‐life study

Yusuf Albayram, Mohammad Maifi Hasan Khan, Athanasios Bamis, Sotirios Kentros, Nhan Nguyen, Ruhua Jiang
2015 Human-Centric Computing and Information Sciences  
Online service providers often use challenge questions (a.k.a. knowledge-based authentication) to facilitate resetting of passwords or to provide an extra layer of security for authentication. While prior schemes explored both static and dynamic challenge questions to improve security, they do not systematically investigate the problem of designing challenge questions and its effect on user recall performance. Interestingly, as answering different styles of questions may require different ... of cognitive effort and evoke different reactions among users, we argue that the style of challenge questions itself can have a significant effect on user recall performance and usability of such systems. To address this void and investigate the effect of question types on user performance, this paper explores location-based challenge question generation schemes where different types of questions are generated based on users' locations tracked by smartphones and presented to users. For evaluation, we deployed our location tracking application on users' smartphones and conducted two real-life studies using four different kinds of challenge questions. Each study was approximately 30 days long and had 14 and 15 users respectively. Our findings suggest that the question type can have a significant effect on user performance. Finally, as individual users may vary in terms of performance and recall rate, we investigate and present a Bayesian classifier based authentication algorithm that can authenticate legitimate users with high accuracy by leveraging individual response patterns while reducing the success rate of adversaries.
doi:10.1186/s13673-015-0032-3 fatcat:upxj5qlq4jgeflswyvmqaqjx4u