A Large Crowdsourced Dataset of Security Questions


Jennifer Golbeck and Simon Li, University of Maryland


Security questions are a common fallback authentication mechanism across the internet, from banking to e-commerce to social media. Previous studies have investigated issues with those questions, with a marked focus on their susceptibility to attack. Indeed, some questions have a small set of possible answers and others are easily guessable by people who know or know about the account owner, and this makes them less secure. However, there are many more important avenues of study regarding security questions: Is there bias inherent in some of these questions? Which are practically easier or more difficult to remember? How does this vary based on demographics? To support this type of usable security research, a dataset of security questions is required. We have created a public, living, crowdsourced dataset of questions with their sources. This paper introduces the first version, with analysis, and we plan to release regular updates that expand and enhance the collection to support future research.

    author = {Golbeck, Jennifer and Li, Simon},
    title = {{A Large Crowdsourced Dataset of Security Questions}},
    booktitle = {Who Are You?! Adventures in Authentication Workshop},
    year = {2020},
    series = {WAY~'20},
    pages = {1--4},
    address = {Virtual Conference},
    month = aug,
    publisher = {}
} % No publisher