Wednesday, May 20, 2009

WHAT'S YOUR CODE?

28% OF PEOPLE CAN CORRECTLY GUESS THE ANSWER TO A FRIEND'S SECRET SECURITY QUESTION ONLINE:

You know how when you forget your password to a secure online website, you have to answer one of those security questions . . . like "What's your mother's maiden name?" . . . in order to reset your password?

Well, according to researchers from Microsoft and Carnegie Mellon University, those security questions aren't all that secure after all. Listen to this . . .

A recent study found that 28% of "trusted friends" were able to correctly guess the answer to another person's secret security questions. And even people who aren't "trusted friends" can still guess the correct answer 17% of the time.

Overall, 30% of people correctly guessed how another person answered the question: "What is your favorite town?"

40% correctly guessed the answer to the question: "What is your pet's name?"

45% correctly guessed the answer to the question: "What city were you born in?"

And 57% correctly guessed the answer to the question: "What is your favorite sports team?"

A guy named Stuart Schechter co-authored the study. He says, "Secret questions alone aren't as secure as we'd like our backup authentication to be. "Nor are they reliable enough that their use alone is sufficient to ensure users can recover their accounts when they forget their passwords."

In other words, the answers to your secret questions aren't so difficult that other people are unable to guess the answers. But they're not so obvious that you're sure to remember them either. (Technology Review)

(--Which, of course, begs the question: Then what good are security questions anyway?)

0 Comments:

Post a Comment

Subscribe to Post Comments [Atom]

<< Home