Google has been doing some research into just how effective security questions are. The results were published this week, showing that account security questions apparently aren’t that secure and in some cases could be guessed by attackers in ten guesses or fewer.
Additionally, if you use a fake answer to throw someone off, then that could actually make it easier for an attacker to get in, as you are likely going to choose a common word that is easy to remember. Security questions are standard practice for pretty much every account you create online, with some sites requiring that you have at least two security questions.
Google doesn’t think that multiple security questions are the right approach, since that would increase the likelihood of someone forgetting one of their answers and ending up locked out of an account.
SMS codes or alternate email addresses could be a good replacement, although not many people will have two email addresses that they use regularly.
You can read Google’s full report, HERE.
KitGuru Says: Google is always looking at ways to make users more secure on the wider web. However, even if security questions aren’t the best method, they are so widely used that I doubt they’ll go away any time soon.