Jul 10

Visual appearance is one of the most effective variables for quickly differentiating one application from another

-- Bob Baxley, 2003

 
 

Featured chapter

Marc Hassenzahl explains the fascinating concept of User Experience and Experience Design. Commentaries by Don Norman, Eric Reiss, Mark Blythe, and Whitney Hess

User Experience and Experience Design !

 
 

Our Latest Books

Kumar and Herger 2013: Gamification at Work: Designing Engaging Business Software...
by Janaki Mythily Kumar and Mario Herger

 
Start reading

Whitworth and Ahmad 2013: The Social Design of Technical Systems: Building technologies for communities...
by Brian Whitworth and Adnan Ahmad

 
Start reading

Soegaard and Dam 2013: The Encyclopedia of Human-Computer Interaction, 2nd Ed....
by Mads Soegaard and Rikke Friis Dam

 
Start reading
 
 

Help us help you!

 
 

Mike Just


Publications by Mike Just (bibliography)

2010
 

Renaud, Karen and Just, Mike (2010): Pictures or questions?: examining user responses to association-based authentication. In: Proceedings of the HCI10 Conference on People and Computers XXIV 2010. pp. 98-107.

Challenge questions are commonly used as a backup should users forget their "main" authentication secret. Such questions are notoriously difficult to design properly, and have sometimes allowed intruders to access the system via a back door simply by engaging in some online research about the victim [33]. Most challenge questions rely on a user's knowledge of their early life, something which tends not to deteriorate over time [15]. Unfortunately, this kind of information can also be discovered by a determined attacker. We developed a challenge protocol in which a set of pictorial cues are used to prompt answers, rather than using the standard mechanism based on textual questions. The prompts solicit associative memories that need not represent factual information (information that aids an attacker in mounting targeted observation attacks) and serve as a stronger cue to aid the recall. Our results reveal that the solution has comparable security with that of traditional challenge questions (when considering external attackers), and suggest additional benefits from posing three or more questions serially. Furthermore, we obtained a 13% increase in the memorability of our (name-based) answers, while our results suggest enhancements could help improve the recall of place-based answers. We conclude by discussing how further modifications could achieve gains on the usability front.

© All rights reserved Renaud and Just and/or BCS

2009
 

Just, Mike and Aspinall, David (2009): Personal choice and challenge questions: a security and usability assessment. In: Proceedings of the 2009 Symposium on Usable Privacy and Security 2009. p. 8.

Challenge questions are an increasingly important part of mainstream authentication solutions, yet there are few published studies concerning their usability or security. This paper reports on an experimental investigation into user-chosen questions. We collected questions from a large cohort of students, in a way that encouraged participants to give realistic data. The questions allow us to consider possible modes of attack and to judge the relative effort needed to crack a question, according to an innovative model of the knowledge of the attacker. Using this model, we found that many participants were likely to have chosen questions with low entropy answers, yet they believed that their challenge questions would resist attacks from a stranger. Though by asking multiple questions, we are able to show a marked improvement in security for most users. In a second stage of our experiment, we applied existing metrics to measure the usability of the questions and answers. Despite having youthful memories and choosing their own questions, users made errors more frequently than desirable.

© All rights reserved Just and Aspinall and/or ACM Press

 

Changes to this page (author)

03 Apr 2012: Modified
08 Sep 2009: Added

Page Information

Page maintainer: The Editorial Team
URL: http://www.interaction-design.org/references/authors/mike_just.html