Poor ID Questions Weaken Security
Most of the time, when we fill out those annoying security questions while creating an online account, we really don’t think about what we’re doing. We don’t think about how secure our questions and answers are (or are not) and whether someone else could easily guess them and be able to hack into our accounts.
According to security researchers, this is a bad thing. It is far too easy to guess the answers to security questions such as someone’s mother’s maiden name, information that a determined and persevering hacker could easily find online. Research has shown that if hackers get three chances to guess answers, they could hack into one in eighty accounts.
Guessing the answers to security questions can allow a hacker to overwrite a password without knowing what it is. In most cases, it is not difficult to guess answers—a study conducted by Microsoft and Carnegie Mellon showed that seventeen percent of the answers to security questions could be guessed by people who knew the owner of the targeted account.
And there is more at stake when email accounts are hacked: access to a person’s email account can give access to other online accounts that require email registration. Because of this vulnerability, some email providers are trying to make their password reset functions more secure. For example, Google can send reset passwords by text message.
Via BBC News.