ワークショップ (国際) Enhancing Account Recovery with Location-based Dynamic Questions

Shuji Yamaguchi, Hidehito Gomi, Tetsutaro Uehara (Ritsumeikan University)

IEEE International Workshop in Cyber Forensics, Security, and E-discovery (CFSE 2023)


Account recovery, an essential backup solution, traditionally uses identity proofing methods like secret questions. With the ubiquity of modern smartphones, there's a need for secure and convenient recovery methods. Current methods, such as secret questions or SMS-based verification, have shown security vulnerabilities like susceptibility to guesswork or SIM-swap attacks. To address these vulnerabilities, we focus on location history that well represents user's identity as additional information to enhance identity verification, capitalizing on the widespread acceptance of location-based applications and the presence of GPS sensors in smartphones. We propose a novel approach called Location-based Dynamic Questions (LocDQ) that dynamically creates questions using a user's specific and characteristic places extracted from his or her location history. In a preliminary experiment with eight participants, the proposed method demonstrated promising results, with participants favorably inclined towards its use. However, challenges were identified, such as high accuracy in answering others' questions, which we aim to address in future research with more extensive participant groups.

Paper : Enhancing Account Recovery with Location-based Dynamic Questions新しいタブまたはウィンドウで開く (外部サイト)