Are Security Questions Secure Enough To Protect Your Account?

Arpan Sinha | May 25, 2015 | Cyber Security

Well, the answer, according to Google Security blogger Elie Bursztein, is a straight “No.” Security questions, according to the blog, are either easy to remember or secure, but rarely both. More than 75% of people prefer the former, making them vulnerable to getting their accounts hacked. Popular websites like Yahoo, Hotmail, and even Facebook rely on security questions to retrieve lost passwords. Sometimes these questions are used as an additional layer of security against suspicious login attempts, but their effectiveness is seldom questioned.

Yahoo-Canada’s account retrieval through security question

Easy questions, like “What is your favorite food?”, are more likely to be guessed. In fact, “favorite food” is the most common question set by users, and it is the most easily guessed one too. According to the Google Security Blog, 19.7% of answers were “Pizza.” According to them, 37% of people intentionally provide false answers, but these are equally likely to be guessed, because the people who try to crack these questions think the same way the users must have.
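A site owner can measure this on their own data. The following is an added example, not code from the original post or from the Google study: it reports what share of accounts falls to the most common answers within a given number of attempts, and the largest attempt limit that keeps that share under a chosen risk. The function names and the sample are constructed for illustration; only the 19.7% pizza share follows the figure quoted above.

```python
from collections import Counter

def normalise(answer):
    """Fold case and whitespace the way a lenient answer check would."""
    return " ".join(answer.lower().split())

def tally(answers):
    return Counter(normalise(a) for a in answers)

def guess_coverage(answers, attempts):
    """Share of accounts whose answer is among the `attempts` most common ones."""
    counts = tally(answers)
    top = counts.most_common(attempts)
    return sum(n for _, n in top) / sum(counts.values())

def max_attempts(answers, risk_limit):
    """Largest attempt budget that keeps guess_coverage at or below risk_limit."""
    counts = tally(answers)
    total, covered = sum(counts.values()), 0
    for k, (_, n) in enumerate(counts.most_common(), start=1):
        covered += n
        if covered / total > risk_limit:
            return k - 1
    return len(counts)

def constructed_sample():
    """1,000 made-up "favorite food" answers; only the 19.7% pizza share
    follows the figure quoted in the article."""
    popular = {"Pizza": 150, " pizza": 47, "pasta": 90, "chicken": 80,
               "sushi": 60, "burger": 50, "steak": 40, "tacos": 30,
               "rice": 25, "salad": 20, "curry": 18}
    answers = [a for a, n in popular.items() for _ in range(n)]
    answers += [f"unique answer {i}" for i in range(390)]
    return answers

if __name__ == "__main__":
    sample = constructed_sample()
    for k in (1, 3, 10):
        print(f"{k:>2} attempts cover {guess_coverage(sample, k):.1%} of accounts")
    print("attempt limit for <= 25% risk:", max_attempts(sample, 0.25))
```

A question whose coverage is already high at one or two attempts cannot be rescued by rate limiting alone, which is the case the pizza figure illustrates.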

Though difficult questions are safer, they are very difficult to remember. An average internet user answers 2 security questions a year, so if you’ve set a difficult question, you’ll certainly forget it in 6 long months. In fact, the blog also presented statistics supporting this argument, according to which 40% of American citizens forgot what their security questions were, let alone the answers.

The solution?

Thankfully, there are some solutions to it.

  • The most secure of them all is 2-factor authentication. After you’ve answered your security question and set a new password, you have to log in again, and this is where 2-factor authentication comes into play. After clicking the “login” button, you’ll be asked for a PIN, which changes automatically at fixed intervals. So even if someone has cracked your security question, they can’t log in unless they have the PIN.
  • Another option, according to the blog, is for site owners. They must send an OTP by SMS or e-mail along with the questions.
  • A slightly less safe option is having multiple security questions. Having two questions instead of one greatly reduces the risk. If two easy questions each have a 25% probability of being guessed in ten attempts, then the probability that they’ll be guessed together reduces to a whopping 2%.
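The PIN that changes at fixed intervals in the first option can be sketched as follows. This is an added example, not code from the original post: it assumes the PIN is a time-based one-time password as specified in RFC 6238, uses that RFC's published test key as the shared secret, and the function names are illustrative. The server-side check tolerates one interval of clock drift and refuses a PIN that was already used.

```python
import hashlib
import hmac
import struct

STEP = 30     # seconds each PIN stays valid (RFC 6238 default)
DIGITS = 6

def totp(secret, unix_time, digits=DIGITS, step=STEP):
    """RFC 6238 TOTP using HMAC-SHA1 and RFC 4226 dynamic truncation."""
    counter = unix_time // step
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def verify(secret, submitted, unix_time, last_used_counter=-1, drift=1):
    """Return the accepted time-step counter, or None if the PIN is rejected.

    Accepts PINs from `drift` intervals either side of the server clock and
    skips any interval at or before `last_used_counter` to block replay.
    """
    current = unix_time // STEP
    for counter in range(current - drift, current + drift + 1):
        if counter <= last_used_counter:
            continue
        expected = totp(secret, counter * STEP)
        # Constant-time comparison avoids leaking how many digits matched.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return counter
    return None

# Test key from RFC 6238, Appendix B (not a real account secret).
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    pin = totp(RFC_SECRET, 59)
    print("PIN at t=59:", pin)
    print("accepted at t=59:", verify(RFC_SECRET, pin, 59))
    print("accepted at t=95:", verify(RFC_SECRET, pin, 95))
    print("replayed at t=59:", verify(RFC_SECRET, pin, 59, last_used_counter=1))
```

The caller stores the returned counter per account and passes it back as `last_used_counter` on the next login.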

© 2014-2023 Stellato Techno Legal LLP. All rights reserved.
Disclaimer: Be advised that we are neither a law enforcement agency nor a government organisation. The information available on this website shall not be construed as legal advice.