Connect with us

Hi, what are you looking for?

Jewish Business News

Business

Google Study: Security Questions Are Not Effective

With a single guess, an attacker would have a 19.7% chance of guessing English-speaking users’ answers to the question “What is your favorite food?”

google-password-reminders-not-effective-623x410

A new study conducted by people at Google has shown what most of us already know. Those security questions that we answer in case you forget your password are ineffective.

You know the ones: What was your first pet’s name? What is your favorite food? What is your mother’s maiden name? The answers are suppose to be unique enough to every individual that they prove you really are who you say that you are.

But do they?

In a blog post Google’s Elie Bursztein, Anti-Abuse Research Lead and Ilan Caron, Software Engineer, gave a glimpse of the results of their groundbreaking research. They looked into the question of whether such questions help.

They wrote that, “secret questions are neither secure nor reliable enough to be used as a standalone account recovery mechanism. That’s because they suffer from a fundamental flaw: their answers are either somewhat secure or easy to remember—but rarely both.”

Here are some of the study’s findings:

With a single guess, an attacker would have a 19.7% chance of guessing English-speaking users’ answers to the question “What is your favorite food?” (it was ‘pizza’, by the way)

With ten guesses, an attacker would have a nearly 24% chance of guessing Arabic-speaking users’ answer to the question “What’s your first teacher’s name?”

With ten guesses, an attacker would have a 21% chance of guessing Spanish-speaking users’ answers to the question,
“What is your father’s middle name?”

With ten guesses, an attacker would have a 39% chance of guessing Korean-speaking users’ answers to the question “What is your city of birth?” and a 43% chance of guessing their favorite food.

40% of our English-speaking US users couldn’t recall their secret question answers when they needed to. These same users, meanwhile, could recall reset codes sent to them via SMS text message more than 80% of the time and via email nearly 75% of the time.

Some of the potentially safest questions—”What is your library card number?” and “What is your frequent flyer number?”—have only 22% and 9% recall rates, respectively.

For English-speaking users in the US the easier question, “What is your father’s middle name?” had a success rate of 76% while the potentially safer question “What is your first phone number?” had only a 55% success rate.

So you are best served by remembering your passwords.

See the complete study here.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Newsletter

Advertisement

You May Also Like

World News

In the 15th Nov 2015 edition of Israel’s good news, the highlights include:   ·         A new Israeli treatment brings hope to relapsed leukemia...

empty

The contract signed between the Israeli government and Pfizer shows clearly and unequivocally that this is a clinical study on humans - The agreement...

Business

Now Platika joins and elite club of $10 billion plus Israeli firms.

Travel

After two decades without a rating system in Israel, at the end of 2012 an international tender for hotel rating was published.  Invited to place bids...

Advertisement