gHacks Technology News | Latest Tech News, Software And Tutorials » secret questions http://www.ghacks.net A technology news blog covering software, mobile phones, gadgets, security, the Internet and other relevant areas. Sat, 11 Feb 2012 08:24:54 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 Password Recovery Questions Make Online Accounts Vulnerablehttp://www.ghacks.net/2009/07/01/password-recovery-questions-make-online-accounts-vulnerable/ http://www.ghacks.net/2009/07/01/password-recovery-questions-make-online-accounts-vulnerable/#comments Wed, 01 Jul 2009 20:19:54 +0000 Martin Brinkmann http://www.ghacks.net/?p=14058 Password recovery questions are great to recover a forgotten password in a matter of seconds. All that needs to be done is to answer the password recovery question to receive a new password in the email inbox. This does however make email hacking a profitable business as email accounts are usually connected to online stores and other web services. Attackers with access to a compromised email account only need to answer the secret question to retrieve the password of the web account. This matter is definitely more secure than sending out the password without confirmation on the user’s request.

A recent study shows on the other hand that password recovery questions are usually answered honestly. Questions about the birth town, mother’s maiden name or first animal name can sometimes be easily guesses. The study asked acquaintances of 32 webmail users to guess the answer to the secret question. Roughly 20% of these answers were guessed correctly.

Password recovery questions should therefor not be answered honestly. Experienced users fill them out with password like characters which makes the answers more or less impossible to guess. These answers can then be stored in password managers as notes.

How do you handle password recovery questions?

]]> http://www.ghacks.net/2009/07/01/password-recovery-questions-make-online-accounts-vulnerable/feed/ 10