Skip to main content
  1. Home
  2. Computing
  3. News

Google warns that security questions aren’t that secure

By

Though we mainly see them online these days, security questions predate the Internet by quite a bit. Banks, for example, have commonly used questions like “what is your mother’s maiden name?” since the beginning of the 20th century. There’s a problem though: Google says that despite their widespread use, security questions aren’t actually all that secure.

The main problem with security questions is that they’re either easy to remember or hard to guess, but very rarely both, according to a research paper Google recently presented at WWW 2015.

Recommended Videos

Google has a unique advantage when it comes to studying this subject, as it has access to a huge amount of data. A team of researchers analyzed “hundreds of millions” of questions and answers that had been used for Google account recovery claims, according to a post on the Google Online Security Blog.

Related: 
Best new movies to stream on Netflix, Hulu, Prime Video, Max (HBO), and more

The researchers found that many of the most common questions could be answered correctly within ten guesses, with a success rate between 21 and 39 percent, depending on the question. With a single guess, an attacker had a nearly 20 percent chance of guessing the answer to the question “what is your favorite food?” The usual answer? Pizza.

You may have seen advice that answering security questions with “wrong” answers is a better tactic, but Google’s researchers found that this often backfired, making the answers not harder but easier to guess, as many third parties choose the same false answers.

The problem is compounded by the fact that answers that are more difficult to guess are also more difficult to remember. Research shows that using two different security questions reduced an attacker’s chance to correctly guess the answer within ten attempts to less than one percent, but that users only remembered the answers to both questions 59 percent of the time.

So what are we supposed to do? Google proposes avoiding security questions entirely, using backup codes sent via text message or other forms of two-factor authentication instead. It isn’t as easy, but it is more secure.

For more information, see the full paper, enticingly entitled Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google, which is available for free on Google Research.

Kris Wouk
Kris Wouk
Former Contributor
Kris Wouk is a tech writer, gadget reviewer, blogger, and whatever it's called when someone makes videos for the web. In his…
Topics

Editors’ Recommendations

Tim Allen promises they aren’t just making Toy Story 5 for the money
Several toys stare in horror in a scene from the Pixar film "Toy Story 3."

Every time you think the Toy Story franchise might be over, the fine folks at Pixar decide they should make another one. Toy Story 5 is now in production, and Tim Allen, who plays Buzz Lightyear in the franchise, has already done five hours worth of recording for it.

In an interview with Collider, Allen discussed his work on the new movie, saying that he was impressed by the idea for the film.

Read more
Quick Phrases won’t go away on your Pixel? You aren’t alone
The Google Pixel 9 Pro Fold's camera module.

Google Assistant is one of the most powerful parts of the platform. Just by saying, "Hey Google," you can follow up with a wide range of different voice commands. Sometimes you want to respond more quickly, though, so the Pixel 6 introduced a feature called Quick Phrases that makes it possible to respond to incoming calls and alarms with a simple, short command.

But all is not OK in Pixel Land, it would seem. Users are reporting the Quick Phrases bubble — a pop-up that prompts you to respond with "Stop," "Snooze," etc. — is lingering on-screen long after the point it should have disappeared, according to 9to5Google. The problem appears on both the Android 15 stable release as well as the QPR1 beta.

Read more
Discolored line on your new Kindle? You aren’t alone
Amazon Kindle Colorsoft Signature Edition on a table.

The new Kindle Colorsoft Signature Edition is the first full-color e-reader, and a lot of bookworms couldn't wait to get their hands on it. Sadly, many people are reporting the display has a discolored yellow area at the bottom of the screen. The problem is so widespread that the Kindle Colorsoft dropped to an average review rating of 2.6 out of 5, although it does remain the bestselling e-book reader at the moment.

The cause of the discoloration isn't clear. Some users report that it only happens when using the edge lighting feature on the Kindle, while others say it appeared after a software update. Either way, the yellowing is a problem, especially on a device that Amazon has marketed as being great for comics and graphic novel fans. It's hard to enjoy the colorwork in a comic when it's distorted.

Read more