CHINA TOPIX

12/22/2024 11:57:46 pm


Google Asks: How Secure Are Security Questions, Anyway?

Google: Security Questions Pose Risk

Google finds that security questions might not be the best way to protect passwords.

A recent study conducted by global tech giant Google revealed that security questions might not be the best layer of protection to give a password. While a vast majority of websites with sign-in features pose these security questions as a means of helping people regain access after forgetting a password, Google concluded that these queries are neither secure nor efficient enough to be used on their own as an account recovery system.


Security questions take the form of seemingly random questions about things like the account holder's favorite pet, the name of his first school, and his favorite food, among others. What many people do not realize is that there are countless ways hackers could guess their way into these "protected" accounts. In many cases, the only tool a hacker needs is statistics, the study said.

The Google findings reveal that a hacker has approximately a 19.7 percent chance of guessing an English speaker's answer to the favorite-food question, most of whom answered pizza. More soberingly, Google found duplicate answers to questions that seem too personal to have any, including questions about the subject's phone number or frequent flyer number.

At the outset, one foreseeable solution is to use difficult (but still relatively personal) questions instead. Unfortunately, Google explained that this could cause the account holder himself to forget the answer and, in effect, lose his account. The same principle debunks the possible solution of layering one security question after another.
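The trade-off described above can be put into numbers. The following is an added example, not code or data from Google's study: the answer list, the comparison rule, and the guess and recall rates are all constructed assumptions. It measures how many accounts fall to the most common answers, and what stacking two questions does to both the attacker and the legitimate owner.

```python
from collections import Counter
import math

# Constructed sample of 20 answers to "What is your favorite food?".
# Hypothetical data for illustration, not figures from Google's study.
FOOD_ANSWERS = (
    ["pizza"] * 4 + ["Pasta", "pasta ", "pasta"] + ["sushi"] * 2 + ["steak"] * 2
    + ["tacos", "ramen", "curry", "pho", "salad", "bagels", "paella",
       "dumplings", "falafel"]
)

def normalize(answer):
    """Assumed comparison rule: ignore case and surrounding spaces."""
    return answer.strip().lower()

def guess_success(answers, k):
    """Share of accounts opened by trying only the k most common answers."""
    counts = Counter(normalize(a) for a in answers)
    hits = sum(n for _, n in counts.most_common(k))
    return hits / len(answers)

def min_entropy_bits(answers):
    """Bits of protection against the single best guess: -log2(p_max)."""
    return -math.log2(guess_success(answers, 1))

def layered(rates):
    """Chance of passing every question in a stack, assuming independence."""
    return math.prod(rates)

if __name__ == "__main__":
    for k in (1, 3, 10):
        rate = guess_success(FOOD_ANSWERS, k)
        print(f"top-{k} guesses succeed on {rate:.0%} of accounts")
    print(f"min-entropy: {min_entropy_bits(FOOD_ANSWERS):.2f} bits")
    # Assumed rates: a guesser gets 20% and 10% on two questions;
    # the owner recalls each of his own answers 60% of the time.
    print(f"attacker passes both: {layered([0.20, 0.10]):.1%}")
    print(f"owner passes both:    {layered([0.60, 0.60]):.1%}")
```

With these assumed rates, layering cuts the attacker's odds to 2 percent but also drops the owner's own success to 36 percent, which is the lockout problem the study points to.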

Google's blog post ends with a piece of advice, telling account holders to use various means of authenticating password recovery, such as SMS. Moreover, it stresses the need to use security questions only as a last resort.

An article by Sci-Tech Today gave even more security advice for the everyday user of online accounts. The article said that while one could be tempted to use nonsensical characters in an attempt to ward off hackers, using a string of real text is still much safer. The key is to use a combination of words that the account holder could easily remember but that will throw an attacker off his game, such as the reassembled lyrics of a favorite song or poem.
