Abstract

Passwords are widely used for user authentication, but they are often difficult for a user to recall, easily cracked by automated programs, and heavily reused. Security questions are also used for secondary authentication. They are more memorable than passwords, because the question serves as a hint to the user, but they are very easily guessed. We propose a new authentication mechanism, called “life-experience passwords (LEPs).” Sitting somewhere between passwords and security questions, an LEP consists of several facts about a user-chosen life event—such as a trip, a graduation, a wedding, and so on. At LEP creation, the system extracts these facts from the user’s input and transforms them into questions and answers. At authentication, the system prompts the user with questions and matches the answers with the stored ones. We show that question choice and design make LEPs much more secure than …

Metadata

publication

ACM Transactions on Privacy and Security (TOPS) 22 (2), 1-34, 2019

year

2019

publication date

2019/4/2

authors

Simon S Woo, Ron Artstein, Elsi Kaiser, Xiao Le, Jelena Mirkovic

link

https://dl.acm.org/doi/abs/10.1145/3308992

resource_link

https://www.researchgate.net/profile/Simon-Woo/publication/332216818_Using_Episodic_Memory_for_User_Authentication/links/5cc07f02a6fdcc1d49acb5f5/Using-Episodic-Memory-for-User-Authentication.pdf

journal

ACM Transactions on Privacy and Security (TOPS)

volume

22

issue

2

pages

1-34

publisher

ACM