Secret security questions deemed insecure

Rob Beschizza 7:18 am Mon May 25, 2015

Security

Google analyzed the "secret questions" used by its vast userbase and was not surprised to learn that they are mostly terrible.

In a blog post at the company's Online Security Blog, Elie Bursztein said that
"secret questions are neither secure nor reliable enough to be used as a standalone account recovery mechanism."

"That's because they suffer from a fundamental flaw," Bursztein wrote. "Their answers are either somewhat secure or easy to remember—but rarely both."

Here are some specific insights:

With a single guess, an attacker would have a 19.7% chance of guessing English-speaking users' answers to the question

• "What is your favorite food?" (it was 'pizza', by the way)
With ten guesses, an attacker would have a nearly 24% chance of guessing Arabic-speaking users' answer to the question

• "What's your first teacher's name?"
With ten guesses, an attacker would have a 21% chance of guessing Spanish-speaking users' answers to the question,

• "What is your father's middle name?"
With ten guesses, an attacker would have a 39% chance of guessing Korean-speaking users' answers to the question "What is your city of birth?" and a 43% chance of guessing their favorite food.

They're not the first to acknowledge the problems with secret questions.

Terrifying tale of an airport mix-up that turned a MacBook into a paperweight

Paul McMahon, a software developer in Tokyo, shared the nightmarish experience of what happened when he didn't set up Find My on his new MacBook Air. As Paul describes, "Thanks… READ THE REST
U.K. backs off plan to ban end-to-end encryption

Authorities in Britain have admitted they cannot ban end-to-end encryption without making private communications insecure [Financial Times], an outcome that implicates everything from bonking to banking. The effort, posed as… READ THE REST
Woman's credit card can't be lifted from the ground

Forget the ambient temperature superconductor announcement from yesterday; the remarkable property of this credit card is the real "brand-new historical event that opens a new era for humankind." Recorded on… READ THE REST
Save $169 on a lifetime license to Microsoft Windows 11 Pro and never look back

TL;DR: Revamp your digital world with this incredible lifetime license to Microsoft Windows 11 Pro, with its seamless interface and top-notch security, for only $29.97 (Reg. $199) until 11:59 PM on 1/07.… READ THE REST
Upgrade your tech for the new year with this refurbished iPad Pro, less than half price right now

TL;DR: Save over $350 on a refurbished Apple iPad Pro 10.5" 256GB, plus a free accessories bundle, with this sweet deal on sale for just $315.99 right now. Tech fans, it's time… READ THE REST
Make your rockstar dreams a reality for only $15.97 with this Guitar Lessons Training Bundle

TL;DR: The perfect last-minute holiday gift for an aspiring rocker, the 2024 Guitar Lessons Training Bundle is only $15.97 (Reg. $480) until 11:59 PM on 12/25. It's really never too late to make… READ THE REST