Abstract
Purpose Cognitive passwords are typically realized using "one size fits all" fact-based or opinion-based questions, and as such are prone to guessing attacks. The purpose of this paper is to propose a method of personalizing cognitive passwords to individual users, to close this loophole, and evaluate its performance against rigid cognitive passwords. Design/methodology/approach A personalized questionnaire formulated by the subjects was benchmarked against a rigid questionnaire in terms of recall and security. The evaluation employed two constructs used extensively in previous research, namely, Recall the success in remembering a password, and Secrecy the likelihood that the password cannot be guessed. Findings While the experiment found that personalization increases the recall of cognitive passwords, it showed no improvement in secrecy (reducing guessing rates). Research limitations/implications The study was conducted in an academic environment with young freshmen students thereby limiting external validity. Another problem might stem from the difference in the length of the questionnaires between groups in order to minimize drop-out rates. Practical implications Secrecy was and still is the Achilles heel of the cognitive password mechanism and therefore the results imply that some restrictions should be imposed to prevent selection of over-simplistic cognitive passwords. Originality/value This study is important because it is the first of its kind benchmarking recall and secrecy of two types of cognitive authentication methods rigid and personalized.
Original language | English |
---|---|
Pages (from-to) | 25-41 |
Number of pages | 17 |
Journal | Information Management and Computer Security |
Volume | 19 |
Issue number | 1 |
DOIs | |
State | Published - 9 May 2011 |
Externally published | Yes |
Keywords
- Data security
- Identification
ASJC Scopus subject areas
- Management Information Systems
- Business and International Management
- Management Science and Operations Research
- Library and Information Sciences