Acognitive password is based on fact or opinion used as the secret code, which
is usually easier for a user to remember and is more difficult for an attacker to
uncover. The user goes through an enrollment process by answering questions
that typically deal with personal experiences and the answers to these questions are
documented and used as cognitive passwords when the user needs to authenticate
herself at a later time. For example, when Chrissy calls a help desk for the first time,
she is enrolled for proper authentication by being asked the following questions:
•What is your mother’s maiden name?
•What is your dog’s name?
•What city were you born in?
•What is your favorite color?
When Chrissy calls back to get assistance from the help desk at a later time,
she is presented with one or more of these questions to prove her identity. Once
the help desk person is convinced of her identification, he can move on to assisting Chrissy.
No comments:
Post a Comment