Your Peace of Mind is our Commitment

Contact Us English Recent Articles

Forget Secret Questions

First published: 30th June 2009

Researchers at Microsoft have published a paper on the security of personal questions used a backup passwords. They asked participants to answer the questions used by the biggest webmail providers: AOL, Google, Microsoft, and Yahoo!, and then asked acquaintances of the participants to guess the answers. The acquaintances were able to guess 17% of the answers. The participants forgot 20% of their own answers within six months. 13% of the answers could be guessed within five attempts by guessing the most popular answers of other participants.

So, these 'secret questions' are not secure, and they don't do the job. Commentators, including Bruce Schneier and Allan Dyer have pointed out perceived weaknesses of these schemes before, but it is good to see some actual research on the issue.


More Information