Online safety compromised by use of 'weak' security questions
Questions which serve as security checks on websites need to be replaced by more complex tests to establish a person’s identity, say researchers.
A study has shown how easy it is to guess the answer to common questions, such as someone’s mother’s maiden name.
It found attackers will be able to break into 1 in 80 accounts if they get three chances to guess the answers to security questions.
“The numbers were worse than we thought,” said Joseph Bonneau, the lead researcher on the study.
Many websites, including those of banks, credit card firms, webmail providers and others, use the supplementary questions when changes are made to an account.
In the case of many internet service providers, they can be used to overwrite an existing password without knowing what it is.