Online security questions are too easy to answer
- 10 March, 2010 02:10
- Comments
Security questions that allow web users to access online accounts if they forget their passwords can easily be answered by hackers willing to spend time surfing the web, say researchers at the University of Cambridge.
A study conducted by the university found that hackers can successfully access one in 80 accounts if given three attempts to provide answers such as the maiden name of the web user.
Joseph Bonneau from the University of Cambridge, told the BBC: "We measured how hard it was to guess answers. The numbers were worse than we thought."
Bonneau suggested many of the answers to the popular security questions could be found online using social networking sites.
"This assumes there is one account you want to break into and you are willing to spend a couple of hours finding out about this particular person."
Bonneau said more complex security questions were needed, or in some cases, web users should be required to submit answers to three questions to access an account.
"The chance of guessing three things simultaneously is pretty low."
See also: Analysis: Why social networking sites threaten security
- Bookmark this page
- Share this article
- Got more on this story? Email TechWorld
- Follow TechWorld on twitter
-
Eight easy extras for IE8
-
Coalition NBN better or worse?
-
CSIRO develops hands-free technology for mining repairs
-
Broadband Forum to improve IPTV performance with new spec
-
Amazon Web Services moves backups to cloud with new appliance
-
Computers for Seniors for Dummies, 2nd Edition
-
Office 2007 All-In-One Desk Reference for Dummies
-
MYOB Software for Dummies 6E Australian Edition
-
Excel 2007 All-In-One Desk Reference for Dummies
-
Microsoft Office
-
Windows 7 for Seniors for Dummies®
-
Windows 7 for Dummies® Dvd+book Bundle
-
Windows 7 for Dummies®
-
Office 2007 for Dummies
Comments
Post new comment