Google Asks: How Secure Are Security Questions, Anyway?
Jotham D. Funclara | May 25, 2015 10:11 AM EDT
Google finds that security questions might not be the best way to protect passwords.
A recent study conducted by global tech giant Google revealed that security questions might not be the best layer of protection for a password. While a vast majority of websites with sign-in features pose these security questions as a means of helping people recover forgotten passwords, Google concluded that these queries are neither secure nor efficient enough to be used on their own as an account recovery system.
Security questions take the form of seemingly random questions like the account holder's favorite pet, the name of his first school, and his favorite food, among others. What many people do not realize is that there are countless ways hackers could guess their way into these "protected" accounts. In many cases, the only tool a hacker needs is statistics, the study said.
The Google findings reveal that a hacker has an approximately 19.7 percent chance of guessing an English speaker's answer for his favorite food, with most answering pizza. More soberingly, Google found duplicate answers even to questions that seem too personal to have any. This includes questions about the subject's phone number or frequent flyer number.
At the outset, one of the foreseeable solutions to this is to use difficult (but still relatively personal) questions instead. Unfortunately, Google explained that this could cause the account holder himself to forget the answer and, in effect, lose his account. The same principle debunks the possible solution of layering one security question after another.
Google's blog post ends with a piece of advice, telling account holders to use various means of authenticating password recovery, such as SMS. Moreover, it stresses the need to use security questions only as a last resort.
An article by Sci-Tech Today gave even more security advice for the everyday user of online accounts. The article said that while one could be tempted to use nonsensical characters in an attempt to ward off hackers, using a string of real text is still much safer. The key is to use a combination of words that the account holder could easily remember but that will throw an attacker off his game, such as the reassembled lyrics of a favorite song or poem.
©2015 Chinatopix All rights reserved. Do not reproduce without permission