Boffins beef up password prompt security

A group of US university-based scientists has proposed an overhaul for password prompts.

A new system that improves the security of online prompt questions for web-based shopping has been unveiled by a group of scientists working at Rutgers University.

Most online shops and other secure areas currently ask relatively simple questions, such as "What was your mother's maiden name?" or "Where were you born?" for ID verification before sending out a password reminder.

But security experts say these questions represent a real security threat and need to be updated with questions that constantly change based on a user's digital history.

"We call them activity-based personal questions," said Danfeng Yao, assistant professor of computer science in the Rutgers School of Arts and Sciences. "Sites could ask, 'When was the last time you sent an e-mail?' or, 'What did you do yesterday at noon?'

"It's about using information that is much harder to obtain."

Answering these questions is far harder for would-be hackers, the scientists claim, because the information is less widely available.

"There are several issues with the security of conventional secret questions," Yao told IT PRO's sister site PC Pro.

"They are static and long-lived and do not usually change, so a user's answers may be gathered or deduced by people around the user. Public databases and personal profiles at social networking websites make guessing these questions easier."

Yao said she gave students in her lab several questions related to network activities, physical activities and opinion questions, and then told them to "attack" each other.

"We found that questions related to time are more robust than others," she says. "Many guessed the answer to the question, 'Who was the last person you sent e-mail to?' but if we asked what time it was sent, it was much harder."

What happens when users forget what time they sent that email or where they had a meeting yesterday? "One approach is to create cues for events that will later be used, which would help the user remember the event later on. In addition, we use existing cognitive science knowledge to carefully select events that are specific to an individual and may cause flash-bulb memories."

Security managers hoping to roll out the system may have to wait some time for a commercial product, according to the researchers. "We are currently developing a prototype system which we expect to be ready and available for testing by May 2010," Yao said.

"The system has both server-side and client-side components, so we need to perform a substantial amount of testing on both security and memorability before we bring our solution to the market."
