Forgot the fake answer you made up to that online security question?
Turns out you’ve got plenty of company. A new study by Google looked at millions of users and found that 40 percent could not remember the answer to a security question when they needed it.
It’s not only memorability that’s a problem. Security questions aren’t really all that secure.
According to the study, “Statistical attacks against secret questions are a real risk because there are common answers shared among many users. For example using a single guess an attacker would have a 19.7% success rate at guessing English-speaking users’ answers for the question ‘Favorite food?’”
About 16 percent of the answers to common security questions are accessible online, such as through social networking sites. “Even if users keep data private on social networks, inference attacks enable approximating sensitive information from a user’s friends,” said the study.
Public records provide common answers too; for example, birth and marriage records are a source of mothers’ maiden names for at least 30 percent of Texas residents.
Researchers found that “it appears next to impossible to find secret questions that are both secure and memorable.”
While the study concludes that security questions can still be useful, researchers suggest they be used with other methods, such as SMS or e-mail-based recovery procedures.
This story, "The trouble with those online security questions you like to use" was originally published by Fritterati.