Digital Smarts - Google Warns Security Questions Aren’t Secure

You are here

Error message

  • Deprecated function: Creation of dynamic property MemCacheDrupal::$bin is deprecated in MemCacheDrupal->__construct() (line 30 of /var/www/html/docroot/sites/all/modules/contrib/memcache/memcache.inc).
  • Deprecated function: Creation of dynamic property MemCacheDrupal::$wildcard_flushes is deprecated in MemCacheDrupal->reloadVariables() (line 637 of /var/www/html/docroot/sites/all/modules/contrib/memcache/memcache.inc).
  • Deprecated function: Creation of dynamic property MemCacheDrupal::$invalidate is deprecated in MemCacheDrupal->reloadVariables() (line 638 of /var/www/html/docroot/sites/all/modules/contrib/memcache/memcache.inc).
  • Deprecated function: Creation of dynamic property MemCacheDrupal::$cache_lifetime is deprecated in MemCacheDrupal->reloadVariables() (line 639 of /var/www/html/docroot/sites/all/modules/contrib/memcache/memcache.inc).
  • Deprecated function: Creation of dynamic property MemCacheDrupal::$cache_flush is deprecated in MemCacheDrupal->reloadVariables() (line 640 of /var/www/html/docroot/sites/all/modules/contrib/memcache/memcache.inc).
  • Deprecated function: Creation of dynamic property MemCacheDrupal::$cache_content_flush is deprecated in MemCacheDrupal->reloadVariables() (line 641 of /var/www/html/docroot/sites/all/modules/contrib/memcache/memcache.inc).
  • Deprecated function: Creation of dynamic property MemCacheDrupal::$cache_temporary_flush is deprecated in MemCacheDrupal->reloadVariables() (line 642 of /var/www/html/docroot/sites/all/modules/contrib/memcache/memcache.inc).
  • Deprecated function: Creation of dynamic property MemCacheDrupal::$flushed is deprecated in MemCacheDrupal->reloadVariables() (line 643 of /var/www/html/docroot/sites/all/modules/contrib/memcache/memcache.inc).

Google researchers have found that many common security questions can be guessed within 10 tries, with a 20% chance of accuracy on the first shot. Using misinformation (answering questions like “where were you born?” with nonsense answers like “otters” or “icebergs”) is one solution, but researchers have found this often backfires, making questions easier to guess rather than harder. Of course, you then have to remember those nonsense answers. Research shows that using two different security questions reduced an attacker’s chance to correctly guess the answer within ten attempts to less than one percent, however users only remembered the answers to both questions 59 percent of the time. As the world of security moves forward, Google proposes avoiding security questions entirely, using backup codes sent via text message or other forms of two-factor authentication instead. It sounds like cumbersome procedure, but it may be an unavoidable necessity in the future.