When you sign up for a new account on various websites, you are faced with different security questions such as “What was your first teacher’s name?”, “Where were you born?” or “What is the name of your first pet?” All these questions are intended to provide extra security for your account. However, Google’s security team has conducted a new study according to which these questions are not really secure.
The study claims that security questions are a weak way of protecting your account from hackers. In some cases the answers are very simple and therefore easy to recall, which also makes it easy for hackers to guess them after multiple attempts. In other cases, on the contrary, the questions can be so difficult that even the users have a hard time remembering what the answer was.
The users themselves cannot remember the answer because most of the time they give a wrong answer on purpose in an attempt to make their account more secure. As a consequence, users forget the fake answer. In addition, if one has to answer the question “What is your favorite food?”, it is very likely that one’s preferences will change over time. The study says that if a user is asked this question within a month after the account was created, there is a 74% chance that the user will answer correctly. But after three months the odds of giving the correct answer are 50-50.
It seems that nearly 20% of Google users answer with “pizza” as their favorite food. The study also suggests that with only ten guesses there is a 21% chance of guessing the father’s middle name in the case of a Spanish-speaking person. And in countries like South Korea, where the majority of the population lives in a few major cities, it is also easy to guess where the user was born.
All in all, the study indicates that 40% of English-speaking users from the US could not remember at all what the security question was. It also seems that 37% of the users give a fake answer, and many of them use the same answer for the questions “What’s your frequent flyer number?” and “What is your phone number?”, although they are completely unrelated things. Moreover, Google has discovered that among those who used the frequent flyer question only 9% remembered the answer.
So, when analyzing the hundreds of millions of security questions, Google discovered that they are neither secure nor reliable.