Access to a computer system (e.g., one or more business functionalities) often requires a user to be positively identified through a secondary authentication mechanism, such as “Challenge Questions”, when the primary authentication mechanism (e.g., password, biometrics) is blocked. The “Forgot Password” feature is one such example.
The secondary authentication mechanism typically deployed in traditional computer systems has a number of deficiencies. First, the set of challenge questions is typically static, very limited, and shared by all users, all of which reduce the degree of randomness of the questions. Second, the challenge questions are often related to personal data, so a persistent malicious user can gather the information needed to answer them by researching social media or using social engineering. Third, if the set of questions is compromised in one system for a user, other systems become vulnerable to the same kind of attack for that user, because the user's answer to a given question remains the same across different systems. An alternative traditional approach requires the user to visit or call a designated facility, which is typically cumbersome and time consuming for the user.
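The following is an added example, not part of the original text, that illustrates the third deficiency from a defender's side. It stores challenge-question answers as normalized, per-record salted PBKDF2 digests with the system identifier mixed in (the function names, the `system_id` scheme and the sample answers are assumptions for this illustration). A leaked answer store from one system therefore does not directly yield digests usable in another; the last function shows the residual weakness the text describes: the plaintext answer itself is the same everywhere, so an answer researched from public sources still verifies against every system.

```python
import hashlib
import hmac
import os
import unicodedata


def normalize_answer(answer: str) -> str:
    """Canonicalize an answer so trivial variations ("New York " vs "new york")
    compare equal, as deployed challenge-question checks commonly do."""
    text = unicodedata.normalize("NFKC", answer)
    return " ".join(text.casefold().split())


def store_answer(answer: str, system_id: str, iterations: int = 200_000) -> dict:
    """Return a storage record for one challenge answer in one system.

    A random per-record salt plus the system identifier are fed into PBKDF2,
    so the same plaintext answer yields unrelated digests in different systems
    (assumed design; not a scheme from the original text)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalize_answer(answer).encode("utf-8"),
        salt + system_id.encode("utf-8"),
        iterations,
    )
    return {
        "system_id": system_id,
        "salt": salt,
        "iterations": iterations,
        "digest": digest,
    }


def verify_answer(candidate: str, record: dict) -> bool:
    """Recompute the digest for a candidate answer and compare in constant time."""
    digest = hashlib.pbkdf2_hmac(
        "sha256",
        normalize_answer(candidate).encode("utf-8"),
        record["salt"] + record["system_id"].encode("utf-8"),
        record["iterations"],
    )
    return hmac.compare_digest(digest, record["digest"])


def digests_differ_across_systems(answer: str, system_a: str, system_b: str) -> bool:
    """True when the stored digests for the same answer are distinct per system,
    i.e. a dumped store from system_a cannot be replayed as-is against system_b."""
    rec_a = store_answer(answer, system_a)
    rec_b = store_answer(answer, system_b)
    return rec_a["digest"] != rec_b["digest"]


def researched_answer_works_everywhere(answer: str, system_ids: list) -> bool:
    """Models the residual risk: if an attacker learns the plaintext answer
    (e.g. from social media), it verifies against every system that asked the
    same question, regardless of how each system hashed it."""
    records = [store_answer(answer, sid) for sid in system_ids]
    return all(verify_answer(answer, rec) for rec in records)


if __name__ == "__main__":
    # Constructed sample data for demonstration only.
    rec = store_answer("New York", "bank-portal")
    print("matches normalized input:", verify_answer("  new york ", rec))
    print("rejects wrong answer:", verify_answer("Boston", rec))
    print("digests differ per system:",
          digests_differ_across_systems("New York", "bank-portal", "hr-portal"))
    print("known plaintext works everywhere:",
          researched_answer_works_everywhere("New York", ["bank-portal", "hr-portal"]))
```

The per-system digests address only compromise of a stored answer database; they do nothing against an answer that is itself public knowledge, which is why the text argues for questions that are dynamic and not tied to static personal data.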