Researchers say that security questions on websites need to be replaced with harder, more complex questions. A study from the University of Cambridge proved the ease of guessing answers to common questions. Another study by researchers at Carnegie Mellon University and Microsoft proved that 17% of answers can be guessed by those who know the target.
Many websites, such as email providers, credit card companies and banks, use questions when changes are made to account information and passwords. Often, secret questions can be used to change a password without knowledge of the original password. In the study from Cambridge, they found that answers to the questions are widely known. U.S. marriage and birth records can now be viewed online.
For the random attacker who does not want to spend the time investigating the answers to security questions, researchers found that guessing accuracy was fairly high. In the study, 1 in 80 accounts could be broken into if given three chances to guess the answer. Joseph Bonneau, the lead researcher on the study, said “The numbers were worse than we thought.”
“Asking what was the name of someone’s first grade teacher seems like a secure choice,” he said. “The problem is that there’s a ton of teachers out there named Mrs Smith.” Criminals who use this kind of secret information are likely to spread and pass on the information they obtain.
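To illustrate why a handful of guesses goes so far, the following added example (not from the article or the studies it cites) measures, for one question, what share of accounts have an answer among the few most common ones. The sample answers and function names are constructed for illustration; a site could run the same measurement over its own stored answers to judge whether a question is too predictable to keep.

```python
from collections import Counter


def normalize(answer):
    """Fold case, punctuation and spacing so 'Mrs. Smith' and 'mrs smith' match."""
    kept = "".join(ch for ch in answer.lower() if ch.isalnum() or ch.isspace())
    return " ".join(kept.split())


def guess_success_rate(answers, guesses=3, fold=True):
    """Return (share of accounts covered, answers used) for the `guesses`
    most common answers. With fold=False, answers are compared exactly as
    stored, which understates how predictable the question really is."""
    if not answers:
        return 0.0, []
    keys = [normalize(a) if fold else a for a in answers]
    top = Counter(keys).most_common(guesses)
    covered = sum(count for _, count in top)
    return covered / len(keys), [answer for answer, _ in top]


# Constructed sample: 40 answers to "Who was your first grade teacher?"
SAMPLE = (
    ["Mrs Smith", "Mrs. Smith", "mrs smith", "MRS SMITH"]
    + ["Mrs Johnson"] * 3
    + ["Mr Brown"] * 2
    + [f"Teacher {i}" for i in range(31)]  # 31 answers that occur once each
)

if __name__ == "__main__":
    rate, top = guess_success_rate(SAMPLE, guesses=3)
    print(f"three guesses cover {rate:.1%} of accounts: {top}")
    raw_rate, _ = guess_success_rate(SAMPLE, guesses=3, fold=False)
    print(f"same measurement on unnormalized answers: {raw_rate:.1%}")
```

On the constructed sample, spelling variants of one common name add up once they are folded together, so the exact-match measurement reports a lower figure than the real exposure.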
Researchers have looked into ways to make questions more secure; suggestions ranged from more security questions to sending a new password via text message.
The New New Internet has compiled a list of suggestions for creating and maintaining effective security questions.
- Do not go with the obvious question.
- Never keep a list of question answers in your email. Email questions are easy to hack and can directly change email passwords.
- Do not use a fake answer. Answers that are faked are more easily guessed.
- Some websites allow you to form your own question. This is a great opportunity to create a secure question and answer. Some examples are: What teacher has influenced you the most? What is your favorite book? What country do you wish you could visit? What is your childhood best friend's name? What do you want to be when you grow up?
- Use answers that are from your life and that cannot be found on forms or documents. For example, the name of the teacher that influenced you the most, or your lucky number.
- Do not be afraid of forgetting the answer. If the question is from your life, it should be something you know.