Image
  • Home
  • Blog
  • Case Summaries
  • Services
    • Workshops
  • About
    • About Us
    • Objectives
    • Our Achievements
    • My Cyber Crime Story
    • Team

Technology. Law. Policy. You

For all things cyber

Are Security Questions Secure Enough To Protect Your Account?

Arpan SinhaMay 25, 2015Cyber Security

Well, the answer according to Google Security blogger Elie Bursztein, is a straight “No.” Security questions, according to the blog, are either easy-to-remember or secure, but rarely both. More than 75% people prefer the former making them vulnerable to getting their account hacked. Popular websites, like Yahoo, Hotmail, and even Facebook rely on security questions to retrieve lost passwords. Sometimes these questions are used as an additional layer of security against suspicious login attempts, but the effectiveness of these questions are seldom questioned.

Yahoo-Canada's account retrieval through security question

Yahoo-Canada’s account retrieval through security question

Easy questions, like “What is your favorite food?” are more likely to be guessed. In fact, “favorite food” is the most common question set by a user, and is the most easily guessed one too. According to Google Security Blog, 19.7% answers were “Pizza.” According to them, 37% people intentionally provide false answers, but are equally likely to be guessed as the people who try to crack down these questions too think in the way the users must have.

Though difficult questions are safer, they are very difficult to remember. An average internet user answers 2 security questions a year, so if you’ve set a difficult questions, you’ll certainly forget it in 6 long months. In fact, the blog too presented a statistical data supporting this argument, according to which 40% of the American citizens forgot what their security questions were, let alone the answers.

The solution?

Thankfully, there are some solutions to it.

  • The most secure of it all is the 2-factor authentication. After you’ve answered your security question and set a new password, you’ve to login again. And when you do it, it is where the 2-factor authentication comes into play. After clicking the “login” button, you’ll be asked a pin, which automatically changes after every fixed intervals. So even if someone has cracked your security question, they can’t login unless they have the pin.
  • Another option, according to what the blog said, is for the site owners. They must have some OTP sent over in the form of SMSs or e-mails along with the questions.
  • A bit less safe option is having multiple security questions. Having two questions instead of one greatly reduces the risk. If two easy questions each having a probability of being guessed in ten attempts is 25% each, then the possibility that they’ll be guessed together reduces to a whopping 2%.
Beutler_Google_passwords

Beutler_Google_passwords

Related

Tags:authentication, cybersecurity, email, Google, INTERNETSECURITY, Login, securityquestions, SocialMedia, yahoo

Our Most Popular Posts

  • Pornography Rules in India
  • 5 Steps to Immediately take if your nudes are being used to Blackmail YOU.
  • क्या भारत में पोर्न देखना गैर कानूनी है?
  • Central Bureau of Investigation v. Abhishek Verma
  • Is it legal to share nude pictures over WhatsApp?
  • Cyber crime and laws in Nepal: An overview
  • Filing a Complaint on National Cyber Crime Reporting Portal
  • Anvar P.V. v. P.K. Basheer & Ors
  • Is Hosting a Porn Website Legal in India?
  • Residential CCTV and Neighbours' Privacy Invasion

Connect to us on Facebook

Connect to us on Facebook

Read More

  • Some tips to avoid Facebook Identity Theft
  • What is a Decentralised Autonomous Organisation?
  • Blockchain for dummies
  • Watchout when Swiping Cards at POS machines
  • Data Classification: The Remedy to Data Breaches
  • Shocking: Cyber crime exceeds traditional crime in UK
  • What is a clickwrap agreement?
  • California Consumer Privacy Act (CCPA) for Beginners
  • Your Google Search History !
  • Facebook and Broken Promises of Data Protection

Subscribe to our Newsletter

Our recent posts

  • सोशल मीडिया पर फर्जी प्रोफाइल बनाने से संबंधित कानून
  • आपकी ऑनलाइन लेनदेन को सुरक्षित बनाने के लिए 5 टिप्स
  • आपके ईमेल अकाउंट को हैक करके कोई व्यक्ति क्या कर सकता है?
  • How to secure your LinkedIn account?
  • Decoding DeFi

Reach out to us for assistance!

contact@cyberblogindia.in
WhatsApp Helpline: +91 9340337396
Telegram Channel: https://t.me/incyberblog

In case of an offence against a woman/girl, for the sake of comfort, the victim may put forth a special request to get in touch with a female team member to assist her.

Guest Post Guidelines are available here. 

Connect to us on Facebook

Connect to us on Facebook
  • Home
  • Blog
  • Case Summaries
  • Services
    • Workshops
  • About
    • About Us
    • Objectives
    • Our Achievements
    • My Cyber Crime Story
    • Team
© 2021 Stellato Techno Legal LLP. All rights reserved.
Disclaimer: Be advised that we are neither a law enforcement agency nor a government organisation. The information available on this website shall not be construed as legal advice.