[Technology] Your Secret Questions Are Just as Terrible As Your Passwords

[lioneatszebra]

Your Secret Questions Are Just as Terrible As Your Passwords
From PC Magazine

It's official: we're terrible at account security. Not only do we use awful passwords, but we can't even remember the answers to our secret questions.

A new report from Google found that secret questions are the least reliable way to regain entry into your account. Of the millions of account recovery attempts analyzed by the search giant, about 40 percent of people could not recall the answers to their secret questions when necessary.

One reason? People tried to be clever and provide the wrong answers to their questions (Where were you born? Tomato). But then they forgot that wrong answer. Duh.

Questions that are deemed more secure, meanwhile, are often harder to remember, Google found.

"'Father's middle name?' had a success rate of 76 percent overall whereas the potentially safer question 'First phone number?' had a 55 percent recall," Google said. "The potentially safest questions have abysmal recall: 'Library card number?' has a 22 percent recall and 'Frequent flyer number?' only has a 9 percent recall rate."

Your ability to remember an answer also decreases over time. About 74 percent of people could remember the response to "favorite food?" one month after entering it. But that dropped to 53 percent after three months and 47 percent after a year.

Google said it has a much higher success rate with email- or text-based account recovery options. As a result, it avoids secret questions unless they're used in conjunction with one of those two alternatives.

"Secret questions continue have some use when combined with other signals, but they should not be used alone and best practice should favor more reliable alternatives," Google said. "We conclude that it appears next to impossible to find secret questions that are both secure and memorable."

Not being able to remember your secret question responses is annoying, but Google said the bigger concern is hackers who try to hijack accounts using "mass guessing attacks." With weak answers, it's not that difficult: a 2009 report from the Institute of Electrical and Electronics Engineers said that researchers guessed about 10 percent of people's answers by using common responses.

In an era of openness, meanwhile, where your every move is chronicled online, it's not hard to find things like place of birth, mother's maiden name, or high school mascot by trolling a Facebook or Twitter account.

This type of scenario is potentially how hackers gained access to celebrity iCloud accounts last year. "Certain celebrity accounts were compromised by a very targeted attack on user names, passwords, and security questions, a practice that has become all too common on the Internet," Apple said in a September statement.

[Green_Giant]

One issue I always have had with these secret questions, is I also forget how I spelled it. If they are case sensitive, i'll have no idea what I put. Or if I have put other words like "The" with it, and it''s always such as hassle.

[Tombo_]

Not only is it an issue of remember just one password for these "Secret Questions" but now many sites/apps/accounts are using these the chances of you remembering all of them is very slim. It would be more understandable if all the websites etc had the same set of questions so you could use the same one for each. However, if this was the case i guess the issue of if someone learns the password for one of them you're in trouble for the rest of the questions.