Those security questions you use for your accounts aren't exactly safe

But you already knew that, didn’t you?

Pizza: great for when you're hungry, but terrible when it's an answer to a security question.
Image: rob_rob2001/Flickr

THOSE SECURITY QUESTIONS that ask you your mother’s maiden name or the first album you ever bought might not be as secure as originally thought.

Research from Google shows that in the majority of cases your answers tend to be straightforward and are therefore insecure. The chances of an attacker getting a question right in ten guesses or fewer are high, considering how much of the information is publicly available or how many answers are common for cultural reasons, such as a common family name.

Also, online crowdsourcing services make it easier to come up with better guesses to these questions, improving the chances of an attacker being correct.

On the other hand, coming up with fake answers can backfire since many who try this strategy use common words as answers, making it easier for attackers to guess the correct answer.

To give an example, an attacker would have a 19.7% chance of guessing English-speaking users’ answers to the question ‘What is your favourite food?’ as the most common answer is pizza.

A similar problem occurs with harder answers since they’re more difficult to recall.

It’s probably unsurprising that the solution Google provides is to use SMS-based codes, as in two-factor authentication, or to create secondary email accounts. Both help with authentication and make it easier for users to regain access to their account.
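To make the "right in ten guesses" measure concrete, here is an added example (not from the article or from Google's research) that computes the share of accounts whose answer falls among the k most common answers, and the same measure for a random numeric code. The answer counts are constructed so that the top answer matches the 19.7% pizza figure; every other count, the function names and the six-digit code length are assumptions.

```python
from collections import Counter


def normalize(answer):
    # Recovery forms usually match leniently, so fold case and spacing.
    return " ".join(answer.lower().split())


def success_within(answers, k):
    """Share of accounts whose answer is among the k most common answers."""
    counts = Counter(normalize(a) for a in answers)
    hits = sum(n for _, n in counts.most_common(k))
    return hits / len(answers)


def uniform_code_success(digits, k):
    """Same measure for a uniformly random numeric code of that length."""
    space = 10 ** digits
    return min(k, space) / space


def constructed_sample():
    # Constructed data: 1,000 answers to "What is your favourite food?".
    # Only the 19.7% share of "pizza" comes from the article.
    common = {
        "Pizza": 150, " pizza": 47, "pasta": 90, "sushi": 70,
        "chocolate": 60, "steak": 50, "chicken": 45, "curry": 40,
        "burger": 38, "tacos": 35, "ice cream": 30,
    }
    answers = [a for a, n in common.items() for _ in range(n)]
    # The remaining users each gave an answer nobody else gave.
    answers += [f"rare answer {i}" for i in range(1000 - len(answers))]
    return answers


if __name__ == "__main__":
    sample = constructed_sample()
    for k in (1, 10):
        print(f"question, {k:>2} guesses: {success_within(sample, k):.1%}")
    print(f"6-digit code, 10 guesses: {uniform_code_success(6, 10):.4%}")
```

Run over a service's own stored answers, the same function shows which questions concentrate on a handful of answers and should be retired in favour of a code-based recovery step.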

About the author:

Quinton O'Reilly
