Slashdot Mirror


Study Shows "Secret Questions" Are Too Easily Guessed

wjousts writes "Several high-profile break-ins have resulted from hackers guessing the answers to secret questions (the hijacking of Sarah Palin's Yahoo account was one). This week, research from Microsoft and Carnegie Mellon University, presented at the IEEE Symposium on Security and Privacy, will show how woefully insecure secret questions actually are. As reported in Technology Review: 'In a study involving 130 people, the researchers found that 28 percent of the people who knew and were trusted by the study's participants could guess the correct answers to the participant's secret questions. Even people not trusted by the participant still had a 17 percent chance of guessing the correct answer to a secret question.'" Schneier pointed out years ago how weird it is to have a password-recovery mechanism that is less secure than the password.

21 of 303 comments

  1. Don't use them by slart42 · Score: 5, Funny

    I don't think many people would guess the name of my first pet was OIYNTDttye7it867t&%&^%&^T(

    1. Re:Don't use them by Anonymous Coward · Score: 2, Funny

      I don't think many people would guess the name of my first pet was OIYNTDttye7it867t&%&^%&^T(

      Until now......

    2. Re:Don't use them by impaledsunset · Score: 2, Funny

      Being forced to enter "Ajkdua9uMNDiau9dfuJdjA(D82*27UAd89Z&DADAUIdjk" as your pet's name is certainly an inconvenience. At many sites you must actually enter it twice.

    3. Re:Don't use them by dargaud · Score: 4, Funny

      I always set the question to "What is my password?"

      I would set mine to "What is t1f2l3g4 ?" with the answer being "Not my password!"

      --
      Non-Linux Penguins ?

    4. Re:Don't use them by Thaelon · Score: 2, Funny

      I use the same password on my luggage!

      --
      Question everything

    5. Re:Don't use them by Opportunist · Score: 2, Funny

      itbGcthate

      Please tell me the answer.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.

    6. Re:Don't use them by CarpetShark · Score: 3, Funny

      Also, neither would you. Hence, rendering the whole facility useless, and causing you extra inconvenience.

      Think how the dog feels, running to his bowl for food every time the fax machine starts a handshake.

  2. Re:Breaking news by Zero__Kelvin · Score: 3, Funny

    "I usually use something personal enough so that nobody else, even my girlfriend, knows the answer."

    You just gave it all away! Now we know that the question was "what is your sexual orientation" ...

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun

  3. I agree by jez9999 · Score: 5, Funny

    Secret questions are way too easily guessed. They should just stick to the most reliable password of all, mother's maiden name. Who the hell else would know that?

    1. Re:I agree by TRS80NT · Score: 2, Funny

      Somehow my idiot brother was able to figure it out. Bummer.

      --
      Lorem ipsum dolor sit amet.

  4. Re:random answers by rolfwind · Score: 3, Funny

    Question: What is your favorite color?

    #0099CC

  5. Re:random answers by Anonymous Coward · Score: 1, Funny

    Ha! Now I've got your password, sucker!

  6. Re:random answers by Fex303 · Score: 2, Funny

    Question: What is your favorite color?

    #0099CC

    Great. Now I have to change the combination on my briefcase...

  7. My Qs by Daimanta · Score: 3, Funny

    Q What is the highest prime number?
    Q In 60 characters, prove Goldbach's conjecture
    Q How many palindromic primes are there in base-10?
    Q What is the lowest Sierpinski number?
    Q Solve the Happy Ending problem for arbitrary n
    Q Prove or disprove that the Euler-Mascheroni constant is irrational in 60 chars.

    Crack my account and I'll use your idea ^^

    --
    Knowledge is power. Knowledge shared is power lost.

    1. Re:My Qs by MightyDrunken · Score: 2, Funny

      No, these are far too easy. What we want are SECRET QUESTIONS, not answers. Mine is, "The answer is 42. What is the question?".

  8. Re:You do have secrets... by pjt33 · Score: 4, Funny

    Yes, but "Where are the bodies buried?" isn't really the question you want to choose for password recovery.

  9. Re: the book is a huge, boring French novel by neonsignal · Score: 2, Funny

    That's a bit much. I rather enjoyed reading Les Miserables.

  10. Study... by nog_lorp · Score: 2, Funny

    Is this the study that was conducted by 4chan during the election? Where they found that 100% of Sarah Palins have easily guessed Yahoo mail security questions?

  11. Re:I use a physical book. by dword · Score: 2, Funny

    Even better: check out the definition of paranoid I just found on Slashdot!

  12. Re:Breaking news by Anonymous Coward · Score: 1, Funny

    I thought the question was "What is my offline name?"

  13. Re:I got one by silent_artichoke · Score: 2, Funny

    Yeah, nobody would guess Natalie Portman...