Personalized cognitive passwords: An exploratory assessment

Lior Lazar, Omer Tikolsky, Chanan Glezer, Moshe Zviran

Research output: Contribution to journalArticlepeer-review

6 Scopus citations

Abstract

Purpose Cognitive passwords are typically realized using "one size fits all" fact-based or opinion-based questions, and as such are prone to guessing attacks. The purpose of this paper is to propose a method of personalizing cognitive passwords to individual users, to close this loophole, and evaluate its performance against rigid cognitive passwords. Design/methodology/approach A personalized questionnaire formulated by the subjects was benchmarked against a rigid questionnaire in terms of recall and security. The evaluation employed two constructs used extensively in previous research, namely, Recall the success in remembering a password, and Secrecy the likelihood that the password cannot be guessed. Findings While the experiment found that personalization increases the recall of cognitive passwords, it showed no improvement in secrecy (reducing guessing rates). Research limitations/implications The study was conducted in an academic environment with young freshmen students thereby limiting external validity. Another problem might stem from the difference in the length of the questionnaires between groups in order to minimize drop-out rates. Practical implications Secrecy was and still is the Achilles heel of the cognitive password mechanism and therefore the results imply that some restrictions should be imposed to prevent selection of over-simplistic cognitive passwords. Originality/value This study is important because it is the first of its kind benchmarking recall and secrecy of two types of cognitive authentication methods rigid and personalized.

Original languageEnglish
Pages (from-to)25-41
Number of pages17
JournalInformation Management and Computer Security
Volume19
Issue number1
DOIs
StatePublished - 9 May 2011
Externally publishedYes

Keywords

  • Data security
  • Identification

ASJC Scopus subject areas

  • Management Information Systems
  • Business and International Management
  • Management Science and Operations Research
  • Library and Information Sciences

Fingerprint

Dive into the research topics of 'Personalized cognitive passwords: An exploratory assessment'. Together they form a unique fingerprint.

Cite this