TY  - JOUR
AB  - Purpose– Cognitive passwords are typically realized using “one size fits all” fact‐based or opinion‐based questions, and as such are prone to guessing attacks. The purpose of this paper is to propose a method of personalizing cognitive passwords to individual users, to close this loophole, and evaluate its performance against rigid cognitive passwords.Design/methodology/approach– A personalized questionnaire formulated by the subjects was benchmarked against a rigid questionnaire in terms of recall and security. The evaluation employed two constructs used extensively in previous research, namely, Recall – the success in remembering a password, and Secrecy – the likelihood that the password cannot be guessed.Findings– While the experiment found that personalization increases the recall of cognitive passwords, it showed no improvement in secrecy (reducing guessing rates).Research limitations/implications– The study was conducted in an academic environment with young freshmen students thereby limiting external validity. Another problem might stem from the difference in the length of the questionnaires between groups in order to minimize drop‐out rates.Practical implications– Secrecy was and still is the Achilles heel of the cognitive password mechanism and therefore the results imply that some restrictions should be imposed to prevent selection of over‐simplistic cognitive passwords.Originality/value– This study is important because it is the first of its kind – benchmarking recall and secrecy of two types of cognitive authentication methods – rigid and personalized.
VL  - 19
IS  - 1
SN  - 0968-5227
DO  - 10.1108/09685221111115845
UR  - https://doi.org/10.1108/09685221111115845
AU  - Lazar Lior
AU  - Tikolsky Omer
AU  - Glezer Chanan
AU  - Zviran Moshe
PY  - 2011
Y1  - 2011/01/01
TI  - Personalized cognitive passwords: an exploratory assessment
T2  - Information Management & Computer Security
PB  - Emerald Group Publishing Limited
SP  - 25
EP  - 41
Y2  - 2024/04/19
ER  -