Home >> Internet >> Google: secret questions are the least reliable way to regain accounts

Google: secret questions are the least reliable way to regain accounts

Now it’s become official that people are not only keeping more awful passwords, but also forgetting their own answers to the security questions. Google Inc. (NASDAQ:GOOG) comes up with a new report, says that among one million of account recovery attempts, only 40 percent of those people are able to remember the answers to the secret questions.account-password


The more interesting part is that, people are trying to be much clever and provides the wrong answer to the questions. For instance, Where were you born? and give answers such as Papaya. But they even forget that wrong answer too.

Google said,

“Secret questions continue have some use when combined with other signals, but they should not be used alone and best practice should favor more reliable alternatives,” “We conclude that it appears next to impossible to find secret questions that are both secure and memorable.”

Moreover, Questions such as Father’s Middle Name? And First Phone Number? Has more success rates than other questions such as Frequent flyer number and library card number type of questions. Google has mentioned that ability to recall the answers decreases over time and the scenario becomes worst in case of favorites type of questions.

If anyone enters an answer for favorite food, then the responses for the same drops abruptly over time. In the meanwhile, Google has mentioned that the success rate is higher in case of email or text based account recovery options and secret questions are less effective than that of email based recovery options.

Hackers can easily guess the answers that are more common, if user is keeping a weak answer. IEEE reported in 2009 that, around 10 percent of the people accounts are hacked by using common answers. In this world of technology, it is not that much hard to find information such as place of birth, high school name by simply searching the user’s social media profiles.  It is our responsibility to keep our account more safe.

[ Source (PDF) ][ Via ]

About John W Arthur

John is the head of our IT Security team and he writes about Security, IT news on The Next Digit. He was the Employee of the Year 2013 for his selfless support and efficiently setting up the whole security infrastructure. He also occasionally writes on "IT Sec Pro" Print Media of Sweden. All posts by John

Leave a Reply

Your email address will not be published. Required fields are marked *