Knowledge-Based Authentication (KBA): Evaluating and Improving

This page provides information regarding the above-titled EPSRC-funded project.

Project Members

Project Description

Authentication is central to computer security and almost every use of computerised systems. With the explosion of online e-commerce, banking, social web sites and governmental services, the problem of finding secure, usable and efficient authentication systems is more acute than ever. The risks of security failure are obvious, and unusable or inefficient systems additionally risk loss of customers or overly expensive support services managing password recovery. Despite the obvious importance of everyday authentication and the widespread adoption of improved mechanisms such as challenge questions, there is a surprising lack of underpinning published research for these methods. Comparative studies, measures of usability and recoverability costs, scientifically justified guidelines for efficient implementation, are all lacking.

This project proposes to understand and assess existing practice with authentication systems using 'known information' such as with challenge questions, and make recommendations for improvement. We expect that the results will have a widespread impact across many sectors, both inside and outside of the UK.

The project is funded by EPSRC till Sept 30, 2009. The original grant proposal can be found here.

Mike Just
Last modified: Fri Dec 18 11:59:23 GMT 2009