Abstract

Passwords are widely used for user authentication, but they are often difficult for a user to recall, easily cracked by automated programs and heavily reused. Security questions are also used for secondary authentication. They are more memorable than passwords, but are very easily guessed. We propose a new authentication mechanism, called "life-experience passwords (LEPs)," which outperforms passwords and security questions, both at recall and at security. Each LEP consists of several facts about a user-chosen past experience, such as a trip, a graduation, a wedding, etc. At LEP creation, the system extracts these facts from the user's input and transforms them into questions and answers. At authentication, the system prompts the user with questions and matches her answers with the stored ones.
In this paper we propose two LEP designs, and evaluate them via user studies. We further compare LEPs to …

Metadata

publication

Symposium on Usable Privacy and Security (SOUPS), 2014

year

2014

publication date

2014/7/9

authors

Simon S Woo, Jelena Mirkovic, Ron Artstein, Elsi Kaiser

link

https://dl.acm.org/doi/abs/10.1145/2991079.2991107

resource_link

http://cups.cs.cmu.edu/soups/2014/workshops/papers/lep_woo_12.pdf

journal

Symposium on Usable Privacy and Security (SOUPS)