In this paper we propose that what-you-know authentication schemes be built using narrative elements. Specifically, we propose that stories be used as the basis of memory-based user authentication, rather than use a fixed string as the secret for authentication (as is the case with text passwords and PINs). The insight here is that secure text passwords are "boring" and, hence, are hard to remember. Narrative is, in contrast, extremely memorable, forming the basis of much of human communication. We present a simple, implementable scheme for narrative authentication using text adventures. We then also examine other strategies for generating and testing knowledge of narrative. Copyright is held by the owner/author(s).

Additional Metadata
Keywords Authentication, Narrative, Text adventures
Persistent URL dx.doi.org/10.1145/2535813.2535820
Conference 2013 New Security Paradigms Workshop, NSPW 2013
Citation
Somayaji, A, Mould, D, & Brown, C. (Carson). (2013). Towards narrative authentication: Or, against boring authentication. Presented at the 2013 New Security Paradigms Workshop, NSPW 2013. doi:10.1145/2535813.2535820