| Summary: | <p>Mainstream authentication procedures have usually relied on knowledge factors for determining whether to allow a user access to resources. Typically, a user is challenged to provide a token that they know to prove that they are authorised. In the case that this token (password, passphrase, personal identification number, etc.) is forgotten, the usual approach has been to provide password hints or password reset questions during credential recovery to help ensure a user is who they claim to be before allowing them to reset the token. Survey++ is a platform designed to test the usability and security of credential recovery mechanisms. Survey++ was built to test a credential recovery mechanism that reminds a user of their password by showing them characters from the password, but it can be easily extended to test other recovery mechanisms or authentication procedures.</p>
|
|---|