SafeUM
Home Blog Services Download Help About Recharge

Axarhöfði 14, 110 Reykjavik, Iceland

Iceland - 2015
SafeUM
Blog
Services
Download
Help
About
Recharge
Menu
Archive
TOP Security!
25 May 2015

Security questions aren’t all that secure

What is your favorite food? What was your first teacher’s name? What’s the name of your first pet? Do those questions sound familiar to you?

If they do, it’s probably because you either have really boring and repetitive conversations or you’ve answered them as security questions when you signed up for a new account somewhere.

They’re meant to provide an extra layer of security, but according to a new study by Google’s security team, they aren’t all that secure. Looking at ‘hundreds of millions’ of these questions and their answers from Google users who tried to recover their accounts, the team concluded that “secret questions are neither secure nor reliable enough to be used as a standalone account recovery mechanism.” That’s because they are either too easy to remember (and hence to guess) or too hard to remember (and hence easy to forget). There doesn’t seem to be much of a middle ground.

Chances are, for example, that when you try to guess what an English-speaking user said was his or her favorite food, guessing pizza would get you a long way (almost 20 percent of Google users apparently used this as their answer). Using 10 guesses, there’s also a 21 percent chance of guessing a Spanish speaker’s father’s middle name. In a country where most of the population lives in a few very large cities, chances are you can also quickly guess where they were born (think South Korea, for example).

It also turns out that 37 percent of users simply fake it to make their live easier. Google found, for example, that many users would provide the same answer for questions like ‘What’s your phone number?’ and ‘What’s your frequent flyer number?’ even though those are most likely completely different.

In total, 40 percent of English-speaking users in the U.S. couldn’t recall their questions at all. People who actually used the frequent flier question, for example, only remembered the right answer in 9 percent of cases. So if one question is easy to guess, the logical next step would be to add more questions, which some systems do. That makes it harder for attackers to guess them correctly, but then the chances of the user also recalling both correctly drops, too.

Google’s researchers argue that site owners should use SMS backup codes, secondary email addresses and other means to securely authenticate users and only use these questions as a method when everything else has failed.

Tags:
Google hackers
Source:
TechCrunch
2035
Other NEWS
3 Jul 2020 safeum news imgage An encrypted messaging service has been infiltrated by police
4 May 2020 safeum news imgage Two-Factor Authentication ​What Is It and Why You Should Use It
12 Dec 2019 safeum news imgage Encryption is under threat - this is how it affects you
4 Nov 2019 safeum news imgage Should Big Decisions Be Based on Data or Your Intuition?
7 Jun 2018 safeum news imgage VPNFilter malware infecting 500,000 devices is worse than we thought
4 Jun 2018 safeum news imgage Hackers target Booking.com in criminal bid to steal hundreds of thousands from customers
1 Jun 2018 safeum news imgage Operator of World's Top Internet Hub Sues German Spy Agency
30 May 2018 safeum news imgage US says North Korea behind malware attacks
29 May 2018 safeum news imgage Facebook and Google targeted as first GDPR complaints filed
25 May 2018 safeum news imgage A new reason to not buy these cheap Android devices
24 May 2018 safeum news imgage Flaws in smart pet devices, apps could come back to bite owners
23 May 2018 safeum news imgage Google sued for 'clandestine tracking' of 4.4m UK iPhone users' browsing data
21 May 2018 safeum news imgage LocationSmart reportedly leaked phone location data onto the web
18 May 2018 safeum news imgage The SEC created its own scammy ICO to teach investors a lesson
17 May 2018 safeum news imgage Thieves suck millions out of Mexican banks in transfer heist
All news
SafeUM
Confidential Terms of Use Our technologies Company
Follow us
Download
SafeUM © Safe Universal Messenger

Axarhöfði 14,
110 Reykjavik, Iceland

Iceland - 2015