Geographical Security Questions for Fallback Authentication

Abstract

Fallback authentication is the backup authentication method used when the primary authentication method (e.g., passwords, fingerprints, etc.) fails. Currently, widely-deployed fallback authentication methods (e.g., security questions, email resets, and SMS resets) suffer from documented security and usability flaws that threaten the security of accounts. These flaws motivate us to design and study Geographical Security Questions (GeoSQ), a system for fallback authentication. GeoSQ is an Android application that utilizes autobiographical location data for fallback authentication. We performed security and usability analyses of GeoSQ through an in-person two-session lab study (n=36,18 pairs). Our results indicate that GeoSQ exceeds the security of its counterparts, while its usability (specifically login time) has room for improvement.