Author Topic: Are Your "Secret Questions" Too Easily Answered?  (Read 1556 times)

0 Members and 2 Guests are viewing this topic.

LindaRS

  • Senior Moderator
  • Posts: 5185
Are Your "Secret Questions" Too Easily Answered?
« on: May 20, 2009, 05:59:37 AM »
Quote
Research finds that the answers to secret questions used to retrieve forgotten passwords are easily guessed.

"Secret questions alone are not as secure as we would like our backup authentication to be," says Stuart Schechter, a researcher with software giant Microsoft and one of the authors of the paper. "Nor are they reliable enough that their use alone is sufficient to ensure users can recover their accounts when they forget their passwords."

The least-secure questions are simple ones whose answers can be guessed with no existing knowledge of the subject, the researchers say. For example, the answers to the questions "What is your favorite town?" and "What is your favorite sports team?" were relatively easy for participants to guess. All told, 30 percent and 57 percent of the correct answers, respectively, appeared in the top-five list of guesses.

source
O Lord, I know that the way of man is not in himself: it is not in man that walketh to direct his steps. O Lord, correct me, but with judgment; not in thine anger, lest thou bring me to nothing. Jeremiah  10:23-24

Richard Sherwin

  • Keeper of Bees
  • Full Member
  • Posts: 1567
Re: Are Your "Secret Questions" Too Easily Answered?
« Reply #1 on: May 20, 2009, 03:06:50 PM »
I recently signed up for a internet  business tax account with the state of Michigan. They asked not one, but 5 security questions. Pretty secure I thought but after reading this I'm not so sure.
Laughter is an instant vacation