Pick a favorite tune and the last 4 digits of your mother’s phone number. i.e. My Country Tis Of Thee and Mom’s # 7856

The password uses the first letter of each word and adds Mom’s number, BUT hold the shift key when typing the numbers. The password becomes:

MCTOT&*%^

If I care about reproducing an insecurity question answer should my password storage mechanism fail, the question is something like MAC(k,”FooWebsiteQuestion1″) and the answer is the MAC (I usually paste the shell command as the question so I get the right hex/base64/truncated/etc answer). It’s not that secure, but I’m reasonably sure that all existing copies of k are under my control.

If I don’t care that much, I use a slightly different method:
• If I need to give an answer over the phone, use a few random words with something like python -c 'import random,math;l=list(set(map(str.lower,open("/usr/share/dict/words","rb").read().split())));print "%r, %f bits"%(random.SystemRandom().choice(l),math.log(len(l),2))'
• If not, I generate it the same way I generate passwords: dd if=/dev/random count=1 | openssl sha1 -binary | openssl base64 | sed -e's/.==*//' | tr /+ -_ (the sed removes the characters without 6 bits of entropy).
If I get to pick the question, my latest choice is “random1″ and “random2″.

And that’s a real critical point. Names might be “good enough” security. Unless there is a real and honest evaluation of the cost of the attacking the account compared to the benefit accruing to the hacker, this research remains non-compelling.

http://www.youtube.com/watch?v=q3ALAjwuO1M

Sorry I’m a little late replying I’ve had my time tied up a bit at this end.

The main problem I see with all authentication systems is not in “finding” alternatives but in “replacing” existing systems.

Forty years ago we knew that passwords where a bad idea, yet here they still are alive and causing problems major problems.

The only improvment in passwords has been asking users to use complex password scheams that fail for various reasons to do with “human failings”.

[And yes I'm a "sinner" I've a couple of online accounts I cannot get into because I cannot remember my "clever" passwords and answers. Now if I'd put in the real name of my first pet...]

Worse of all the alternatives that are practical sugestions in most cases they will all fail to human weakness (we forget/break/lose/have stolen/etc things and move on without full consideration).

So unfortunatly we have these systems not just because they are simple to build, but because they do work with falable humans (except for that reset password button that emails to an email account you nolonger have as you’ve moved on to a new employer/ISP/etc).

The obvious solution is of course the easy “universal unique identifier used as an authentication token”, but then… That has a whole host of issues it’s self not least of which are “who pays” and an individuals “roles in life” that realy should be seperate otherwise the anonymity that is required for our current societies to function is broken…

So if we cannot “replace” such pasword etc systems the best we can do is “augment” them.

Which then brings up,

“how do you augment without effectivly replacing”…

Hence my sugestion of two or more questions.

Which you quite correctly show does have it’s failings (those pesky humans again

It is without doubt a very very hard problem simply because of “human failings”.

And I for one am most definatly not in favour of the “Government Soloutions” of National ID’s etc because in the long term their use to society is detrimental to the extream.

Very good comments. I agree that requiring more than one question is a nice improvement, though I’ve rarely seen this done. One problem is that it can be hard to come up with a large number of questions (since many don’t apply to some individuals), and users pick terrible questions when left to their own devices. An interesting idea is to pick dozens of yes/no questions like “do you like country music?”: http://www.ravenwhite.com/files/quantifying.pdf

Even in our paper we recommend some simple fixes if we can’t change the current system-the answer distribution can be proactively shaped by the server by probabilistically rejecting the most common responses.

I’m not sure the security increase is quite exponential though. Certain attacks (research and social engineering) don’t get much harder to pull off for multiple questions than for one. Also, people’s likelihood to forget the answer to one of the questions will go up exponentially.

There are a boatload of other problems as well: privacy of giving these answers away, and the fact that it’s very hard to give different answers to different sites. Personally I think the whole personal knowledge approach is always going to be problematic. I’d prefer vouching-based authentication (http://portal.acm.org/citation.cfm?doid=1180405.1180427) or using alternate channels like text message.

Someday maybe we’ll combine all three, and add a few more in. It depends on how serious people care about webmail security, but the trend is that it’s getting more and more important and protecting it with just one basic question seems like a relic of the early days of the internet.

“The failings of humans in general”

We lose things easily including our memories and we also have difficulty remembering anything except by association.

And it is this that in all likely hood gives rise to Zipf (linear on log log axis) behaviour.

However the real question after “proving the and quantifying common knowledge” (ie it’s a broken system only more broken than we guessed) is what do we do about it…

And the answer I suspect will be bassed on “live with it” or “work with it”.

Currently we are talking about one security question giving 2^8 bits of security, however what about 2 independent questions where both questions have to be answered before any indication of correctness or incorectness is given.

I would guess that most humans could stretch to 4 questions.

The question then arises what happens to the “trawl technique” and is there a more optimal attack on such a system.

The reason I say this is that it is a generaly held opinion (amongst security related practitioners) that a National ID is bad because although it can be seen as a strong authenticator (of it’s self) it is a single point of attack (1 bad apple human) and proof of ID is better established with a wide range of weak authenticators.

That is the law of diminishing returns can work in your favor.

This is most often seen in safety systems. For instance the effectivness of a seat belt increases linearly but at exponentialy increasing cost. Likewise the effectivness of an airbag increases linearly with exponentialy increasing cost. However you can beat the cost rise by putting an adiquate seatbelt and adiquate airbag effectivly in parellel and end up with a higher effectivness for less cost. Likewise adding sipps, crumple zones etc etc.

You can thus effectivly engineer a high safety value at a cost minima which is not possible any other way.

You see similar occuring with with high availability systems built with low reliability COTS systems worked in multiple redundancy to get availability figures up.

Any where you have a linear improvment for exponential cost increase on a single item is ripe for getting this sort of treatment, and these “security questions” are a prime example of where it might be brought to bare.

The downside of course is still humans who insist on putting their whole lives in the public record. But then there is “no helping some people” they will always “shoot themselves in the foot” even with an unloaded gun…