Generating security questions for better protection of user privacy

Abstract

ABSTRACTCyber threats to identity prevail. One of the most common forms of authentication, which most of the online service providers require users to provide a username and preset password. But password reset rates have been estimated as one recovery per every four users per month. Since the number of active registered users in Google is over 425 million, it indicates the importance of reliability of second authentication method for account recovery. On the other hand, increasingly more attackers are abusing the option of forget password or account recovery, which demonstrates the urgent needs of the security of the account recovery methods. This paper proposes an inexpensive approach of generating memorizable stories which are of readily use for setting security questions and their answers. We conduct experiments to prove the effectiveness of this approach by investigating how well different groups of people could accurately answer the challenges based on randomly generated contents. According to our findings, around 73% of the 135 participants correctly answered the security questions, and nearly half of them acknowledged that randomly generated information is difficult to recall despite its usefulness on privacy protection. We proved that this method is effective as long as the generated story is more related to the user and the time frame is relatively short. The results of this research may help to create the feasible solutions to reduce the leakage of private information from security questions.