Google: only offering security questions for recovery is unsafe
Security questions for account recovery often provide a false sense of security. The questions have to be easy to remember, but that very property means that malicious parties can quickly find out the answers. This is according to research by Google.
The company investigated how well security questions actually work, because this had never been looked at in detail. That is strange, since countless sites rely on security questions to let users recover their accounts after losing their passwords.
The Google employees analyzed “hundreds of millions” of Google account security questions and attempts to answer them. They found that difficult questions are hard for users to remember and are therefore useless in most cases. Simple questions, on the other hand, proved easy to guess, which did not help security either.
The researchers looked at questions and answers from English-, Spanish-, Chinese-, Portuguese-, Russian-, Korean- and Arabic-speaking users and found marked differences between languages and cultures. For example, English speakers frequently answered “pizza” when asked for their favorite food, so a malicious party could get the answer right on the first attempt in 19.7 percent of cases, according to the researchers’ paper.
The birthplace of Korean-speaking users was likewise easier to guess, simply because the Korean population is concentrated in fewer cities than is the case in, for example, the United States. As a result, malicious parties could guess the answer for 39 percent of Korean-speaking users within ten attempts.
The Google employees also advise website owners against asking two security questions instead of one. The chance that malicious parties can obtain both answers is small, according to the researchers, but users are far less likely to recall both: a total of 41 percent of users forgot one of the two answers.
Google advises site owners to offer a different form of recovery instead of security questions. Sending an e-mail to an alternative e-mail address or a text message to a phone are better alternatives, according to the company. Google itself has offered both options to its users for quite some time, and competitors such as Microsoft, Apple and Yahoo do the same.