If you have already created an online account, probably also had to set a security question, such as “ What is the name of his teacher 1st grade? “, “ What is the first surname of his mother? “or” What is the name of your first pet? “. But despite spending to a certain degree of confidence, a survey released by Google on Thursday showed that they are not very good at what they propose to do, which is to help the user in recovery access to an account
According to the article signed by engineers Elie Bursztein and Illan Caron, the answers to many of them are almost always either unsafe or difficult to remember -. which makes them unreliable for use “as one account recovery mechanism.”
The conclusion came after Elie Bursztein and Ilan Caron engineers analyze hundreds of millions of questions and solutions defined by users. The study revealed that hackers have nearly 20% chance of hitting, first, the question “What is your favorite food?” Done in English, since this is the percentage of users who choose “Pizza” answer. And this is only one example.
In ten attempts, an attacker has 39% chance to guess the solution to the question “In what city were you born?” In Korean. This number still increases to 43% when the question is “What is your favorite food?”. That is, the answers hardly vary, which makes them unsafe. The problem extends even in questions involving phone numbers, for at least 37% of users report false combinations to facilitate their lives or “difficult” to hacker.
But what if the solutions more complex? According to the article, but they are safer. However, users are rarely able to keep the answers in memory: at least 40% of English speakers could not recall them when necessary, for example. Therefore, “difficult questions and answers are not very usable,” which puts them at the same level of easy. And it shows that opt for account recovery codes sent by SMS or email can be more intelligent.
No comments:
Post a Comment