Geographical Security Questions for Fallback Authentication


Fallback authentication is the backup authentication method used when the primary authentication method (e.g., passwords or biometrics) fails. Currently, widely deployed fallback authentication methods (e.g., security questions, email resets, and SMS resets) suffer from documented security and usability flaws that threaten the security of accounts. These flaws motivate us to design and study Geographical Security Questions (GeoSQ), a system for fallback authentication. GeoSQ is an Android application that utilizes autobiographical location data for fallback authentication. We performed security and usability analyses of GeoSQ through an in-person two-session lab study (n=36, 18 pairs). Our results indicate that GeoSQ exceeds the security of its counterparts, while its usability (specifically login time and memorability) has room for improvement.

In Proceedings of the 17th Annual Conference on Privacy, Security and Trust (PST’19).