What was the name of your first childhood friend? The city where your father was born? What is your favorite TV show? Your mother’s maiden name? What was the name of your first pet? Here is the real question: what makes users think these types of security questions are going to assist in securing your important accounts?
Unfortunately, the truth is that the security questions heavily relied upon by businesses, websites, and other vital accounts, may have significant security issues. Continue reading to learn what these issues are and what other alternatives can be used instead.
What is so bad about security questions?
In reality, security questions are just ineffective in today’s advancement of technology. Cybercriminals can quickly obtain necessary information from victims through phishing scams. More than likely, hackers will attempt to break into bank accounts. By successfully phishing a victim, the cyber attacker can obtain account information from the victim’s bank or financial institution. Also, possibly even the victim’s access credentials such as a username. With login information, such as a username, cybercriminals can quickly obtain their victim’s password. By clicking “Forgot Password?”, cyber attackers can see the possible security questions that the victim may have selected. Often, hackers can find these answers via the victims or their family/friends social media accounts.
Many people are unaware that their online presence can tell complete strangers a lot about themselves. This is part of the danger that comes with posting personal information on social media. Privacy is also entrusted to the platforms that are used and the websites that are commonly used which can also fall victim to cyber criminals.
It gets worse…
A study by Google in 2015 revealed that answers to these security questions are easily predictable.
For example, the study found that with one guess and the knowledge that the user speaks English, there was a 19.7% chance of correctly answering the security question, “What is your favorite food?”. There was a 24% chance of correctly answering the question, “What was your first teacher’s name?” with ten opportunities to answer and the knowledge that the user speaks Arabic. With ten guesses and the understanding that the user speaks Korean, there was a 43% chance of correctly answering the security question, “What is your favorite food?”.
Some technical skill and luck are required on the hacker’s part but some of the answers to security questions can easily be found online. Therefore, It is important to remember not to overshare personal information online.
What can be used instead of security questions?
There are better alternatives to help keep businesses and accounts secure. Some companies utilize multi-factor authentication and/or biometrics. These options can make it easier for you to access your accounts while making it difficult for hackers.