A white paper called “Secrets, Lies and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google” unveils some interesting facts about the effectiveness of the predefined security questions adopted by Google.
We are all familiar with Google asking us about our favorite foods, our teachers’ names, pet names, our birth city and other random prompts that most of the time prove to be rather confusing. These questions appear whenever Google wants to strengthen the security barrier for its users, but instead they create confusion and silent nervous breakdowns.
The recently published white paper has revealed that most answers to the above-mentioned questions can be easily hacked, while others are pretty hard to recall. So why does Google use them anyway?
After a thorough analysis of hundreds of millions of these questions and their answers from Google, the team concluded that the secret questions neither have secret answers nor offer high security.
The security questions preset by Google are either very easy to remember and therefore easy to guess at random, or too hard to remember and thus easy to forget. Google hasn’t thought of a middle ground between these two extremes, and we are facing a fake security control from Google every time we create new accounts on the platform.
The white paper also criticizes how relative and changeable the true answers to these questions are. If Google asks us what our favorite food is, our answer doesn’t necessarily remain the same throughout the years. What we believe to be our favorite food at any given time can easily change, so the answer we typed in may no longer be relevant by the time we need it for Google password recovery.
Anyhow, the entire list of questions and answers defined by Google standards is insecure, as it is very often possible for third parties to guess that information, provided they have your name. The hardest thing to recall appears to be your frequent flyer number, which sounds pretty much absurd.
City of birth also offers a high security barrier, being declared as one of the best questions to remember. It has an 80.1% success rate. The second best in the list appears to be our father’s middle name.
Favorite foods are easy guesses, pet names are sometimes very hard to recall, favorite friends in high school are easy to forget and so on. It seems that Google hasn’t been that smart in imagining a good set of security questions that would let us give steady and secure answers while keeping hackers away efficiently.
Statistics show that 37% of users fake the answers to get through a useless process. Users offer random answers for questions related to their phone number, which is an unstable question and a very personal one.
40% of English-speaking users in the US don’t recall their security questions at all. Among people who chose the frequent flyer number as their security question, only 9% could recall their answer.
The best way to benefit from your password recovery would be to use an SMS backup code or a secondary e-mail address, or to fill in forms asking for personal data.