RISK ANALYSIS OF THE DISCOVERABILITY OF PERSONAL DATA USED FOR PRIMARY AND SECONDARY AUTHENTICATION

Date

2017-01-01

Department

Information Systems

Program

Information Systems

Rights

This item may be protected under Title 17 of the U.S. Copyright Law. It is made available by UMBC for non-commercial research and education. For permission to publish or reproduce, please see http://aok.lib.umbc.edu/specoll/repro.php or contact Special Collections at speccoll(at)umbc.edu
Distribution Rights granted to UMBC by the author.

Abstract

Personal data are frequently leveraged to create passwords for password-based authentication systems. Personal data are also used in secondary authentication systems, particularly those based around a question and answer format. The use of personal data in authenticators is believed to be driven, to some degree, by usability. The antinomic proposition of usable system authentication, an easily remembered and usable scheme for the proper user which is simultaneously unknown and unusable to any other entity, historically proves to be an elusive goal. While alternative propositions for authentication protocols are numerous, lacking in the literature is foundational work directly relating potential authenticators with the discoverability of personal data online. This dissertation investigates the discoverability of personal data, particularly whether another human is able to purposefully find particular personal data commonly used in authentication protocols. Between fifty and sixty participants provided search results for specific personal data regarding four additional participants. The four participants acted as a source for the personal data, consented to the web search and validated the accuracy of data supplied by the data-seeking participants. Analyses of the results reveal consistent patterns in the personal data discovered. The results lay a foundation for the improvement of current authentication systems and provide a significant step in both methodology and recommendations to guide the development of alternatives with a goal towards the creation of usable, secure authentication systems. Furthermore, the results provide insight into the nature of privacy, user control of data and the availability of personal data on Web sources.