Show simple item record

dc.contributor Sun, Xiaoyan en_US
dc.contributor.advisor Cheng, Yuan en_US
dc.contributor.author Dhekane, Radha
dc.date.accessioned 2020-06-16T22:26:31Z
dc.date.available 2020-06-16T22:26:31Z
dc.date.issued 2020-06-16
dc.date.submitted 2020-05-01
dc.identifier.uri http://hdl.handle.net/10211.3/216745
dc.description Project (M.S., Computer Science)--California State University, Sacramento, 2020. en_US
dc.description.abstract Fallback authentication recovers user access in case a user is unable to log back in or has forgotten the password. Security questions are one of the means for fallback authentication. However, security questions are not as robust as we think and can cause a security breach by enabling unauthorized access. Along with security, usability is a growing concern for the effective use of security questions. It is crucial to expose the vulnerability of security questions and establish a new approach to improve their usability. We conduct an online user survey to validate user opinions for the usability of text-based security questions. We then conduct another on-campus study in a span of six weeks to specifically examine the memorability aspect of security questions. There are several known attacks against security questions, such as man-in-the-middle (MITM) attacks, brute-force attacks, or keystroke logging attacks. We implement a password reset MITM simulation that exploits user accounts by either answering their security questions or compromising the OTPs (one-time passwords) sent to the victims’ phones or email addresses. The project also proposes an alternative knowledge-based security question mechanism based on recognition rather than recall. We adopt a hybrid approach to make the validation more robust. Furthermore, we suggest how security question guidelines can be adapted to enhance their usability. en_US
dc.description.sponsorship Computer Science en_US
dc.language.iso en_US en_US
dc.subject Security questions en_US
dc.subject Fallback authentication en_US
dc.subject Knowledge based approach en_US
dc.title Towards a usable fallback authentication mechanism en_US
dc.type Project en_US
