If you forget your password when logging onto a secure web site, the site typically asks you a security question: What is your mother’s maiden name? Where were you born? The trouble is, such questions are not very secure. More people than you think might know the answers, or be able to guess. Now, computer scientists at Rutgers are testing a new tactic that could be both easier and more secure, the university reports. "We call them activity-based personal questions," said Danfeng Yao, assistant professor of computer science in the Rutgers School of Arts and Sciences. "Sites could ask you, ‘When was the last time you sent an eMail?’ Or, ‘What did you do yesterday at noon?’" Yao and her students have been testing how resistant these activity questions are to attack. Early studies suggest that questions about recent activities are easy for legitimate users to answer but harder for potential intruders to find or guess, Yao said. She explained that it should not be difficult for an online service provider to formulate these kinds of security questions by looking at users’ eMail, calendar activities, or previous transactions…

About the Author:

eSchool News