CATEGORIES
home News

Google Study Shows That We Suck At Password Security Questions

by Brandon HillThursday, May 21, 2015, 05:00 PM EDT

What city were you born in? What’s your best friend’s name? What’s your mother’s maiden name? We’re all filled out these annoying security questions when setting up online account profiles, but Google has issued a new study that examines the problem with such questions when it related to account security.

It should come as no surprise that Google found that “secret questions generally offer a security level that is far lower than user-chosen passwords” and that “secret questions are neither secure nor reliable enough to be used as a standalone account recovery mechanism.” The reasons for this should be incredibly obvious. Given how socially-connected most of us have become over the past few years, a nefarious party could easily access your account if they knew your email address and little bit about your personal life from a social networking site. Common security questions like your place of birth, your favorite pet, or even your favorite food could be easily obtained with little effort.

Speaking of your favorite food, an attacker with just a single guess could would have nearly a 20-percent chance of correctly answering “pizza” for the question “What’s your favorite food?”

googlepasswords

After combing through hundreds of millions of security questions, the search giant also found that Google users that attempted to recover their accounts using their security questions often couldn’t even remember them. This occurred often because 1) they made the questions too hard to remember, or 2) users frequently tried to throw off malicious parties by giving false answers. That last ploy is a big no-no according to Google, as “this ends up backfiring because people choose the same (false) answers, and actually increase the likelihood that an attacker can break in.”

In the end, security questions are often just more trouble than they’re worth according to Google, “because they suffer from a fundamental flaw: their answers are either somewhat secure or easy to remember—but rarely both.”

As an alternative, Google is prodding its account users to go through the Security Checkup to setup alternative methods of account authentication including backup codes that are sent via SMS texts, and secondary email addresses. No method is completely foolproof, but Google’s preferred options are both more secure than lousy security questions.

Tags:  Google, (nasdaq:goog), security checkup, security questions, password recovery
TOP CONVERSATIONS
Your Next PC Platform?
More Results
KEEP INFORMED
SITE

Home

Reviews

News

Blogs

Full Site

Sitemap

CATEGORIES

PC Components

Systems

Mobile

IT Infrastructure

Leisure

Videos

COMPANY

About

Advertise

News Tips

Contact

Privacy And Terms

HotTech

MORE

Accessibility

Shop

STAY CONNECTED

Twitter

Facebook

YouTube

RSS

As an Amazon and Howl Technologies Associate, HotHardware earns a commission from qualifying purchases made on this site. This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or his associates. All products and trademarks are the property of their respective owners. Reproduction in whole or in part, in any form or medium, without express written permission of Hot Hardware, Inc. is prohibited. All content and graphical elements are Copyright © 1999 - 2024 David Altavilla and Hot Hardware, Inc.
All rights reserved. Privacy and Terms - Accessibility Commitment