A Model for Enhancing Human Behaviour with Security Questions: A Theoretical Perspective
Nicholas Micallef, Nalin Asanka Gamagedara Arachchilage

TL;DR
This paper proposes a theoretical model to understand and improve user behavior in selecting secure, memorable answers for security questions, aiming to enhance password recovery security while maintaining usability.
Contribution
It introduces a novel theoretical framework analyzing determinants influencing user choices of security question answers and offers design recommendations for more effective security mechanisms.
Findings
Identifies key factors affecting user motivation to choose strong answers
Proposes design guidelines for improved security question mechanisms
Lays groundwork for future empirical validation of the model
Abstract
Security questions are one of the mechanisms used to recover passwords. Strong answers to security questions (i.e. high entropy) are hard for attackers to guess or obtain using social engineering techniques (e.g. monitoring of social networking profiles), but at the same time are difficult to remember. Conversely, weak answers to security questions (i.e. low entropy) are easy to remember, which makes them more vulnerable to cyber-attacks. Convenience leads users to reuse the same answers to security questions across multiple accounts, which exposes these accounts to numerous cyber-threats. Hence, current security question implementations rarely achieve the required security and memorability requirements. This research study is the first step in the development of a model which investigates the determinants that influence users' behavioural intentions through motivation to select strong and…
Taxonomy
Topics: User Authentication and Security Systems · Spam and Phishing Detection · Information and Cyber Security
