The Register - Security

IEEE Spectrum Computing Channel

May 21, 2015

Google Online Security Blog: New Research: Some Tough Questions for ‘Security Questions’

Google Online Security Blog: New Research: Some Tough Questions for ‘Security Questions’










  • With a single guess, an attacker would have a 19.7% chance of guessing English-speaking users’ answers to the question "What is your favorite food?" (it was ‘pizza’, by the way) 
  • With ten guesses, an attacker would have a nearly 24% chance of guessing Arabic-speaking users’ answer to the question "What’s your first teacher’s name?"
  • With ten guesses, an attacker would have a 21% chance of guessing Spanish-speaking users’ answers to the question, "What is your father’s middle name?"
  • With ten guesses, an attacker would have a 39% chance of guessing Korean-speaking users’ answers to the question "What is your city of birth?" and a 43% chance of guessing their favorite food.

Many different users also had identical answers to secret questions that we’d normally expect to be highly secure, such as "What’s your phone number?" or "What’s your frequent flyer number?". We dug into this further and found that 37% of people intentionally provide false answers to their questions thinking this will make them harder to guess. However, this ends up backfiring because people choose the same (false) answers, and actually increase the likelihood that an attacker can break in.

Read more . . . 

Help Net Security - News

Latest articles from SC Magazine UK

Here's a phish you might not spot - 60 Sec Security

Biggest Information Security and Cybersecurity Misconceptions

Computer History Museum Videos

Slashdot: Your Rights Online

Public Key Cryptography: Diffie-Hellman Key Exchange

InfoWorld Security

ComputerWeekly.com - When IT Meets Politics

Nextgov.com News Articles

Electronic Privacy Information Center

Cyberlaw - Stanford Center for Internet and Society

SecurityWeek

European Public Policy Blog