Authenticating Via Categorical Preferences
07 Apr 2009 16:29:00 EST

For starters, you probably won't see where I'm going with this unless you've read Liu Yang's papers on authentication. The Cliff's Notes version: "secret questions" suck (just ask Palin, whose webmail account was opened in 2008 by guessing her security answers) and we need something better. So how about this: pick a half-dozen questions from a pool of topics (baseball, skiing, pizza, Chinese food, skydiving, etc.), ask the user whether he likes or dislikes each one, and save the answers. The papers go on to show that personal preferences of this kind stay stable over time, which is what makes them reusable as an authenticator.

One problem, however, is that the selection of those five or six questions is itself secret knowledge. We don't want the bad guys to know which questions you answered, but to find out, all they have to do is pretend to be you and claim they forgot their password: the recovery page hands them the list. The obvious fix of asking a hundred questions at registration and drawing a random handful at authentication time doesn't work either, because no one will fill out a hundred-question survey to sign up (this is actually where Liu started in the first paper; I've described the papers in reverse order of publication).

So my idea is to give the user those 100 questions, but in a way that doesn't overwhelm him: use a category of items that people can take in at a glance yet that still presents a myriad of options. At enrollment the user picks the half-dozen items from the category he feels most strongly about. When he re-authenticates, you present the same category again, and he again picks the half-dozen items he feels most strongly about. Because every user is shown the same category, the "forgot my password" page no longer leaks which items a particular user chose; the only secret is the selection itself.

So what's the category? It could be seasons (4 choices) or months (12), but the biggest choice space is a map. Take a sample map with 13 cities on it: I bet the first thing you do when you look at it is go to your favorite city and check whether it's there. And a map can obviously be expanded to hold far more than 13 pins, which matters, because a small category leaves an attacker only a handful of combinations to guess from.
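To make the scheme concrete, here is an added example (my own code, not from the post or from Liu Yang's papers) of the enrollment and re-authentication steps described above, plus the arithmetic for how hard a random guesser has it. The 13 city names are a constructed stand-in for the pins on the sample map; the pick size K = 6, the match threshold THRESHOLD = 4 and the per-user salted HMAC storage are my assumptions, not anything the post specifies.

```python
import hashlib
import hmac
import math
import secrets

# Constructed sample category: 13 city names standing in for the pins on the map.
# Placeholder names chosen for this example, not the page's actual map.
CITIES = [
    "Atlanta", "Boston", "Chicago", "Denver", "Houston", "Los Angeles",
    "Miami", "New York", "Philadelphia", "Phoenix", "San Francisco",
    "Seattle", "Washington",
]

K = 6          # items the user picks at enrollment and at login (assumed)
THRESHOLD = 4  # matches required to authenticate (assumed)


def enroll(selections, category, k=K):
    """Store the user's k strongest preferences as per-user salted HMACs.

    The category is public (every user sees the same map), so the only secret
    is which k items this user picked.  Hashing each item separately under a
    per-user salt keeps the plaintext picks out of the database while still
    letting verification count partial matches.
    """
    picks = set(selections)
    if len(picks) != k:
        raise ValueError(f"exactly {k} distinct items required")
    if not picks <= set(category):
        raise ValueError("selection contains items outside the category")
    salt = secrets.token_bytes(16)
    digests = {hmac.new(salt, item.encode(), hashlib.sha256).digest() for item in picks}
    return {"salt": salt, "digests": digests, "k": k}


def match_count(record, selections):
    """Count how many of the submitted items are in the enrolled set."""
    return sum(
        1 for item in set(selections)
        if hmac.new(record["salt"], item.encode(), hashlib.sha256).digest() in record["digests"]
    )


def verify(record, selections, threshold=THRESHOLD):
    """Accept when at least `threshold` of the submitted picks match.

    A submission larger than k is rejected outright: otherwise an attacker
    could submit the whole category and trivially match every enrolled item.
    """
    picks = set(selections)
    if len(picks) > record["k"]:
        return False
    return match_count(record, picks) >= threshold


def guess_success_probability(n, k, threshold):
    """Probability that k items drawn uniformly at random from a category of n
    overlap the enrolled k items in at least `threshold` places (hypergeometric
    tail).  This is a lower bound on a real guesser's success, since real
    preferences are not uniform across the category."""
    total = math.comb(n, k)
    hits = sum(math.comb(k, m) * math.comb(n - k, k - m) for m in range(threshold, k + 1))
    return hits / total


if __name__ == "__main__":
    record = enroll(["Boston", "Chicago", "Denver", "Miami", "Seattle", "Atlanta"], CITIES)
    # Four of six picks match: accepted under the assumed threshold.
    print(verify(record, ["Boston", "Chicago", "Denver", "Miami", "Houston", "Phoenix"]))
    for n in (13, 50, 100):
        print(n, guess_success_probability(n, K, THRESHOLD))
```

With the 13-city map a blind guesser who needs 4 of 6 matches succeeds about one time in five (358/1716), which is why the category has to grow: at 100 items the same attack succeeds about once in 18,000. Two caveats for anyone deploying this: the hypergeometric figure assumes uniform guessing, and an attacker who knows which cities are popular does far better; and with a public category of a few dozen items the per-item HMACs are trivially brute-forced by anyone who steals the record, so the hashing only keeps plaintext picks out of the database and must be paired with the same online rate limiting you would give a password.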
