Connect with us

Hi, what are you looking for?

Jewish Business News

Business

Google Study: Security Questions Are Not Effective

With a single guess, an attacker would have a 19.7% chance of guessing English-speaking users’ answers to the question “What is your favorite food?”

google-password-reminders-not-effective-623x410

A new study conducted by people at Google has shown what most of us already know. Those security questions that we answer in case you forget your password are ineffective.

You know the ones: What was your first pet’s name? What is your favorite food? What is your mother’s maiden name? The answers are suppose to be unique enough to every individual that they prove you really are who you say that you are.

Please help us out :
Will you offer us a hand? Every gift, regardless of size, fuels our future.
Your critical contribution enables us to maintain our independence from shareholders or wealthy owners, allowing us to keep up reporting without bias. It means we can continue to make Jewish Business News available to everyone.
You can support us for as little as $1 via PayPal at office@jewishbusinessnews.com.
Thank you.

But do they?

In a blog post Google’s Elie Bursztein, Anti-Abuse Research Lead and Ilan Caron, Software Engineer, gave a glimpse of the results of their groundbreaking research. They looked into the question of whether such questions help.

They wrote that, “secret questions are neither secure nor reliable enough to be used as a standalone account recovery mechanism. That’s because they suffer from a fundamental flaw: their answers are either somewhat secure or easy to remember—but rarely both.”

Here are some of the study’s findings:

With a single guess, an attacker would have a 19.7% chance of guessing English-speaking users’ answers to the question “What is your favorite food?” (it was ‘pizza’, by the way)

With ten guesses, an attacker would have a nearly 24% chance of guessing Arabic-speaking users’ answer to the question “What’s your first teacher’s name?”

With ten guesses, an attacker would have a 21% chance of guessing Spanish-speaking users’ answers to the question,
“What is your father’s middle name?”

With ten guesses, an attacker would have a 39% chance of guessing Korean-speaking users’ answers to the question “What is your city of birth?” and a 43% chance of guessing their favorite food.

40% of our English-speaking US users couldn’t recall their secret question answers when they needed to. These same users, meanwhile, could recall reset codes sent to them via SMS text message more than 80% of the time and via email nearly 75% of the time.

Some of the potentially safest questions—”What is your library card number?” and “What is your frequent flyer number?”—have only 22% and 9% recall rates, respectively.

For English-speaking users in the US the easier question, “What is your father’s middle name?” had a success rate of 76% while the potentially safer question “What is your first phone number?” had only a 55% success rate.

So you are best served by remembering your passwords.

See the complete study here.

Newsletter



Advertisement

You May Also Like

World News

In the 15th Nov 2015 edition of Israel’s good news, the highlights include:   ·         A new Israeli treatment brings hope to relapsed leukemia...

Entertainment

The Movie The Professional is what made Natalie Portman a Lolita.

Travel

After two decades without a rating system in Israel, at the end of 2012 an international tender for hotel rating was published.  Invited to place bids...

VC, Investments

You may not become a millionaire, but there is a lot to learn from George Soros.