Password Recovery Questions are a Terrible Way to Protect Online Accounts

Password Recovery Questions are a Terrible Way to Protect Online Accounts

A new research paper found that people often choose obvious answers that are easy for hackers to guess

According to a new research paper, Google staffers found that security questions which are often used to help users recover passwords are one of the worst ways to protect online accounts. The company studied hundreds of millions of actual question-and-answer combos used by real Google users, and discovered people often choose obvious answers that are easy to remember, but also easier for hackers to guess.

The study estimates that an attacker would have a 20 percent chance of guessing an English speaker’s answer to the question, “What is your favorite food?” by guessing “pizza” on the first try.

According to Google, 40 percent of English-speaking U.S. users have failed to recall their answers to security questions.

Instead of using these questions, Google recommends using authentication through text messages or alternate email addresses in order to boost security and help users recover lost passwords. When SMS messages are used as a recovery method, people are able to get back into their accounts more than 80 percent of the time.

About the Author

Matt Holden is an Associate Content Editor for 1105 Media, Inc. He received his MFA and BA in journalism from Ball State University in Muncie, Indiana. He currently writes and edits for Occupational Health & Safety magazine, and Security Today.

  • Becoming a Guide on the Customer Journey Becoming a Guide on the Customer Journey

    In this episode, Security Today editor-in-chief Ralph Jensen chats with Chris Hugman of System Surveyor about the customer journey. As the company’s chief executive officer, Hugman continues to work toward his vision of seamless systems management from concept to system end-of-life. He also addresses what it takes to be a guide in the security industry and why it is different from the traditional sales process. Originally a systems integrator, Hugman reveals his thoughts on technology and the prospects of the customer journey over the next few years, as well as the direction of technology.

Digital Edition

  • Environmental Protection
  • Occupational Health & Safety
  • Spaces4Learning
  • Campus Security & Life Safety