- MEMBERS RECEIVE ACCESS TO:
- CIO Leadership Group
  CIO Leadership Task Force provides a unique forum for Chief Information Officers from the largest cities and counties in the U.S. to privately interact, both through an online collaboration site and in regular face-to-face meetings. It offers these leaders an on-going opportunity to share information and experiences, and to discussing IT challenges facing larger community jurisdictions.
- Digital Infrastructure
  Task Force
  The Digital Infrastructure Task Force is a collaborative networking group for government IT professionals. Through timely exchange of information and experiences, both online and through regular face to face meetings, municipal and regional government members help each other to make smarter technology decisions for their communities.
- Law Enforcement
  IT Task Force
  The Law Enforcement Task Force is a collaborative networking group for local law enforcement officials from across the nation. In online and regular face to face meetings, both sworn and civilian law enforcement officials come here to discuss technology trends, collaboration and information sharing opportunities within the local law enforcement community.
- Private Events
  and Webinars
- Exclusive White Papers
- JOIN:
- Public Sector
- Private Sector
Digital Communities Home
Introduction
Feature Articles
Local Government Events
Contact
Digital Communities Blogs
Digital Citizen Pulse
Broadband Nation
Web 2.0 Convergence
In the Trenches
International Beat
Notes from a City CIO
Intelligent Communities
MuniGov 2.0
Surveys and Awards
Digital Cities Survey
Digital Counties Survey
DGAA Awards
Best of the Web Awards
Reference and
Resource Library
White Papers
Exclusives
Webinars
Best Practices
Digital Communities
Special Focus
Current Issue
Past Issues
Subscribe

Digital Communities
Industry Members

Click sponsor logos for whitepapers, case studies, and best practices.

Strengthen Online Security With Harder Security Questions

Danfeng Yao

November 9, 2009 By Carl Blesch

Photo: Prof. Danfeng Yao (Credit: Karen Smith)

If you forget your password when logging into an e-mail or online shopping Web site, the site will likely ask you a security question: What is your mother's maiden name? Where were you born?

The trouble is that such questions are not very secure. More people than you may think will know your answers. And if they don't, it might not be hard to search for it online or even make a lucky guess.

But Rutgers computer scientists are testing a new tactic that could be both easier and more secure.

"We call them activity-based personal questions," said Danfeng Yao, assistant professor of computer science in the Rutgers School of Arts and Sciences. "Sites could ask you, 'When was the last time you sent an e-mail?' Or, 'What did you do yesterday at noon?'"

Yao and her students have been testing how resistant these activity questions are to "attack," - computer security lingo for when an intruder answers them correctly and gains access to personal information such as e-mails or to do online shopping or banking.

Early studies suggest that questions about recent activities are easy for legitimate users to answer but harder for potential intruders to find or guess, Yao said.

"We want the question to be dynamic," she said. "The questions you get today will be different from the ones you would get tomorrow."

Rutgers doctoral student Huijun Xiong and visiting undergraduate student Anitra Babic are presenting the group's preliminary results in a workshop at this week's Association for Computing Machinery Conference on Computer and Communications Security. Babic is a senior at Chestnut Hill College in Philadelphia and participated in a summer research program at Rutgers.

Yao said she gave four students in her lab a list of questions related to network activities, physical activities and opinion questions, and then told them to "attack" each other.

"We found that questions related to time are more robust than others. Many guessed the answer to the question, 'Who was the last person you sent e-mail to?' But fewer were able to guess, 'What time did you send your last e-mail?'"

Yao explains that it should not be difficult for an online service provider to formulate these kinds of security questions by looking at its users' e-mail, calendar activities or previous transactions. Computers would have use natural language processing tools to synthesize understandable questions and analyze the answers for accuracy.

Yao is proposing further studies to determine the practicality of the new approach and the best way to implement it.

Yao's work is funded in part by grants from the National Science Foundation.

| More

Comments

Add Your Comment

Name *

Comment *

You are solely responsible for the content of your comments. We reserve the right to remove comments that are considered profane, vulgar, obscene, factually inaccurate, off-topic, or considered a personal attack.

In Our Library

White Papers | Exclusives Reports | Webinar Archives | Best Practices and Case Studies

Identity and Access Management Considerations: Gain insight into enterprise identity and access management (IAM) trends and a unified approach that can simplify identity and access management before, during, and after your organization implements cloud-based services.
Document Driven Process Automation and Human Services: By the Center for Digital Government

Read this Center for Digital Government issue to find out how document-driven process automation can drastically accelerate workflow in state and local government human services agencies.
Using Wireless Technology to Manage and Optimize Government Fleets: Saving Money, Generating Revenues, and Increasing Safety: Using Wireless Technology to Manage and Optimize Government Fleets: Saving Money, Generating Revenues, and Increasing Safety. The paper discusses the challenges federal, state and local government agencies currently face with their government fleets; how mobile technology can help; considerations when selecting a mobile solutions partner; and the benefits of choosing Sprint. Specifically, Frost & Sullivan highlights Sprint’s fleet expertise, its powerful networks, and advanced partnerships that work in concert to provide government fleets with the ability to: Save money, Generate new revenues, Enhance safety, Help the environment, Increase the availability and transparency of information to the public

Latest From Digital Communities Features

Follow @dcommunities

RSS

Law Enforcement Digital Infrastructure

Digital Communities members get access to our collaboration task forces

427 Members

77 Discussions

84 Files

Latest members Become a member

Digital Communities members get access to our collaboration task forces

669 Members

145 Discussions

150 Files

Latest members Become a member

Featured White Papers & Reports

CIOs Redefine Local Government and Industry Relations

Based off of discussions of the Digital Communities Large Jurisdiction Chief Information Officer (CIO) Working Group, this white paper aims to answer the question, "In today's economic, political and business environment, what constitutes a successful relationship between government and industry?" Cause for Optimism identifies and clarifies the issues that separate government and industry, and begins to find an answer to the question necessary for both to enjoy a successful and prosperous future.

View Full Library

Events

GTC East

Don't miss this opportunity to see the latest in digital government solutions, keep abreast of current policy issues and network with key government executives, technologists and industry specialists.

View All Events