Google: only offer security questions for recovery is unsafe




Security Questions for restoring accounts often offer a false sense of security. The questions should be easy to remember, but it actually means that the malicious can quickly find out the answers. This is evident from Google search.

The company has studied the effect of security questions because it never would be viewed in detail. This is strange: after all, many sites use security questions to allow users so opportunity to restore their account after they lost passwords.

Google employees analyzed “hundreds of millions” security questions of Google accounts and attempts to answer those questions. They discovered that hardly difficult questions are advisable and would thus be useless in most cases. In contrast, proved simple questions to quickly guess what security anyway did not help.

The scientists looked at the questions and answers in English, Spanish, Chinese, Portuguese, Russian, Korean and Arabic users. They found striking differences between languages ​​and cultures. As English speakers often proved to the question what is their favorite food, pizza to have filled. Attackers were therefore able in 19.7 percent of cases, immediately gain access to an account, so is there in the paper by the researchers.

In addition, at Koreans faster again to guess the place of birth, simply because the Korean population is centered in cities less than, for example, in the United States is the case. This means that attackers within ten attempts 39 percent were able to guess the questions of Koreans.

Google employees recommend that website owners off to a rather, two security questions to ask at the same time. The likelihood that attackers know both answers to wrest the researchers is small, but users do not know the answer as soon as more rekindle. In total, 41 percent of users forgot one of two responses.

Google recommends site owners to provide some other form of recovery, instead of security questions. Sending e-mails to an alternate address or sending SMS messages to a phone according to the company better alternatives. Google offers two options for its users for quite some time. Also, competitors like Microsoft, Apple and Yahoo do.


In: A Technology & Gadgets Asked By: [22628 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »