Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google
WWW, pp. 141-150, 2015.
access controlsaccount recoveryauthenticationpersonal knowledge questions
We examine the first large real-world data set on personal knowledge question's security and memorability from their deployment at Google. Our analysis confirms that secret questions generally offer a security level that is far lower than user-chosen passwords. It turns out to be even lower than proxies such as the real distribution of su...More