Rutgers University computer scientists are developing an alternative to online security questions that is designed to be easier for legitimate users and more secure. "We call them activity-based personal questions," says Rutgers professor Danfeng Yao. "Sites could ask you, 'When was the last time you sent an email?' Or, 'What did you do yesterday at noon?' " Initial studies suggest that questions about recent activities are easy for legitimate users to answer but harder for attackers to guess or learn. "We want the question to be dynamic," Yao says. "The questions you get today will be different from the ones you would get tomorrow."
Initial results from the system will be presented at ACM's Conference on Computer and Communications Security, which takes place Nov. 9-13 in Chicago, Ill.
Rutgers researchers found that questions related to time were more robust than other questions. Yao says online service providers can create security questions using data from a user's email, calendar, or transactions, though computers would need to use natural language processing tools to synthesize understandable questions and analyze answers for accuracy. Yao has proposed additional studies to determine the practicality of the new approach and how it could best be implemented.
From Rutgers University
View Full Article
Abstracts Copyright © 2009 Information Inc., Bethesda, Maryland, USA
No entries found