Using Avatars for Improved Authentication With Challenge Questions
The authors present a novel method for improving the security of challenge question authentication, which traditionally requires a user to answer questions such as "What is your Mother's Maiden Name?". In their method, users create an Avatar representing a fictitious person, and later use the Avatar's information to authenticate themselves. The Avatar Profile consists of basic identifying information (e.g., name, address) as well as personality information (e.g., pets, interests). This info is pseudo-randomly generated from a large corpus of information. For authentication purposes, a small amount of the Avatar Profile information is used to respond to challenge questions.