CRHC Sep 24, 2017

A Model for Enhancing Human Behaviour with Security Questions: A Theoretical Perspective

arXiv:1709.08165v1
Originality: Synthesis-oriented
AI Analysis

The paper addresses security and memorability issues in user authentication systems, but it is incremental because it builds on existing theoretical perspectives.

The paper tackles the problem of security questions being either hard to remember or vulnerable to attacks by developing a model to understand user behavior and provide design recommendations for stronger, more memorable answers.

Security questions are one of the mechanisms used to recover passwords. Strong answers to security questions (i.e. high entropy) are hard for attackers to guess or obtain using social engineering techniques (e.g. monitoring of social networking profiles), but at the same time are difficult to remember. In contrast, weak answers to security questions (i.e. low entropy) are easy to remember, which makes them more vulnerable to cyber-attacks. Convenience leads users to use the same answers to security questions on multiple accounts, which exposes these accounts to numerous cyber-threats. Hence, current security question implementations rarely meet the required security and memorability requirements. This research study is the first step in the development of a model which investigates the determinants that influence users' behavioural intentions through motivation to select strong and memorable answers to security questions. This research also provides design recommendations for novel security question mechanisms.
