Geographical Security Questions for Fallback Authentication
This paper addresses security and usability flaws in fallback authentication for account holders, though it appears incremental because it builds on location-based authentication concepts.
The paper tackles insecure and unusable fallback authentication methods by designing Geographical Security Questions (GeoSQ), an Android app that uses autobiographical location data, and finds that it exceeds the security of existing methods but has usability issues in login time.
Fallback authentication is the backup authentication method used when the primary authentication method (e.g., passwords or fingerprints) fails. Currently, widely deployed fallback authentication methods (e.g., security questions, email resets, and SMS resets) suffer from documented security and usability flaws that threaten the security of accounts. These flaws motivate us to design and study Geographical Security Questions (GeoSQ), a system for fallback authentication. GeoSQ is an Android application that utilizes autobiographical location data for fallback authentication. We performed security and usability analyses of GeoSQ through an in-person two-session lab study (n=36, 18 pairs). Our results indicate that GeoSQ exceeds the security of its counterparts, while its usability (specifically login time) has room for improvement.