|  Home   |  Forums   |  News   |  Blog   |

March 9, 2010

Security questions called into question

Bookmark and Share

by Darren Allan

So we’re all well aware of the issues surrounding online passwords – and why you should use a difficult to guess series of letters and numbers.

Preferably with some cases thrown in for extra security. And, of course, never use the same passwords for different accounts.

But research from the universities of Cambridge and Edinburgh has criticised one largely overlooked element of online login security. Namely, security questions, such as having to enter your mother’s maiden name.

The research examined how easy it was to crack these questions, even if hackers knew nothing about the person whose account they were trying to break into.

Even if this was the case, they found that – if given three attempts at guessing – a would-be hacker could gain access to one in eighty accounts.

This is due to factors such as the commonality of surnames – such as Smith being a pretty good guess for a maiden name in the Western world.

Common place names are another bugbear – London’s going to be a fairly good guess for a place of birth.

If the person knows something about the account owner, or can glean information off a social networking site for example, obviously the chances of breaking the security question increase considerably.

The researchers believe that companies such as banks, online shopping sites, webmail pages and so forth, should re-evaluate the matter of security questions in the light of their findings.

Story link: Security questions called into question

Discuss this in the Techwatch Forums

Related news to "Security questions called into question"

No Comments »

No comments yet.

Leave a comment

Previous: « Watchdog urges government to refocus broadband strategy
Next: Vodafone announces UK job cuts »

Visited 378 times, 1 so far today