May 22

Our security blankets have a few holes in them

Take a moment and see if you can get a friend to tell you their mother's middle name. One way to do this is to ask whether the name was such and such and have them reply with what it actually is. With such a simple trick, you have the answer to what might be one of your friend's recovery questions. If things work out that way, you might even be able to pull that information straight off your friend's Facebook account. Too often we put the keys to our accounts in plain sight and expect nobody to try them on the doors of our accounts. One insecure question and an attacker might have access to your email, the central hub of access to everything you are connected to.

The issue here is that recovery questions exist for us to use in case we have a problem and lose access to something. These questions are thus like leaving a key under the jar by the back door. In order for these questions to work effectively and fulfill their purpose, though, they have to be memorable. Being memorable, they fall into predictable patterns that make them dramatically easier for hackers to guess. According to some recent statistics from Google, with 10 guesses a hacker had a 24% chance of guessing an Arabic speaker's answer to “What’s your first teacher’s name?”, a 21% chance of guessing a Spanish speaker's answer to “What is your father’s middle name?”, and a whopping 39% chance of guessing a Korean speaker's answer to “What is your city of birth?”. A one-in-five chance of guessing an English speaker's favorite food begs the question, “Are security questions a thing of the past?”

The fact of the matter is that there will always be a need for secondary access to accounts because of information loss. A fifteen-character alphanumeric password provides an immense amount of security. www.howsecureismypassword.com takes into account the number of tries a typical desktop computer can make per second and calculates roughly how much time it would take to brute force a password. According to them, the password UQ8NN2eC47j334q would take roughly 6 billion years to brute force. That's also if the attacker can retry indefinitely with no consequences. With a password that secure, this is where account recovery comes into play, and it is also where things become less secure. Adding a second question to answer actually dropped the chance of getting hacked down to a minuscule 1% but also dropped the actual owner's chance of getting in from 75% to a little more than 50%. As Google suggested, it is very important to include things like a phone number so that security codes can be sent to it as an alternate form of identification. While accounts can be hacked into, phone numbers can’t be rerouted for this exact reason. Thus, the security code serves as a heads-up and as a form of verification for users.
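To make the numbers in the two paragraphs above concrete, here is an added example (not from the original post or from Google's study) that measures how guessable a recovery question is from the distribution of its answers, and what requiring two questions does to both attacker and owner. The sample answers are constructed, the 10% per-question guess rate is an assumed figure, and the two questions are assumed to be independent.

```python
from collections import Counter

# Constructed sample: 100 answers to one recovery question (not real data).
SAMPLE_ANSWERS = (
    ["pizza"] * 8 + ["Pizza "] * 2 + ["pasta"] * 5 + ["sushi"] * 4
    + ["tacos"] * 3 + ["steak"] * 3
    + [f"uncommon answer {i}" for i in range(75)]
)

def normalize(answer):
    """Fold case and whitespace, as a forgiving answer check usually would."""
    return " ".join(answer.lower().split())

def answer_counts(answers):
    return Counter(normalize(a) for a in answers)

def top_k_guess_rate(answers, k=10):
    """Share of accounts whose answer is among the k most common answers.

    This is the success rate of someone who knows the population's popular
    answers and is allowed k tries per account.
    """
    counts = answer_counts(answers)
    covered = sum(n for _, n in counts.most_common(k))
    return covered / sum(counts.values())

def max_attempts_for_risk(answers, acceptable_rate):
    """Largest attempt limit that keeps the guess rate at or below a target."""
    distinct = len(answer_counts(answers))
    k = 0
    while k < distinct and top_k_guess_rate(answers, k + 1) <= acceptable_rate:
        k += 1
    return k

def require_both(rate_a, rate_b):
    """Rate of getting two questions right, assuming they are independent."""
    return rate_a * rate_b

if __name__ == "__main__":
    for k in (1, 5, 10):
        rate = top_k_guess_rate(SAMPLE_ANSWERS, k)
        print(f"{k:>2} guesses -> {rate:.0%} of accounts")
    limit = max_attempts_for_risk(SAMPLE_ANSWERS, 0.12)
    print("attempt limit for <=12% risk:", limit)
    # 0.10 is an assumed per-question guess rate; 0.75 is the owner
    # recall figure quoted in the post.
    print(f"attacker, two questions: {require_both(0.10, 0.10):.0%}")
    print(f"owner, two questions: {require_both(0.75, 0.75):.2%}")
```

Under the independence assumption, an owner who recalls each answer 75% of the time gets both right about 56% of the time, which matches the "little more than 50%" figure above.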

One of the easiest ways to deal with these issues is to use questions that are ambiguous to anyone besides you. Asking for the middle name of “Dustin” makes for a hard question to guess because, unless there is only one Dustin that you know, there are a few answers to this. Even a personal nickname you have for somebody could be a fitting answer. The way to get around this problem is to make sure that whatever you choose is not something that another person could guess from looking at your Facebook page. Just try to remember that if a friend knows your answers or a lot about you, then they could probably get into your accounts without your consent or knowledge.

http://www.techspot.com/news/60763-security-question-answers-less-secure-than-passwords-they.html
