Digital Smarts - Google Warns Security Questions Aren’t Secure

Google researchers have found that many common security questions can be guessed within 10 tries, with a 20% chance of a correct guess on the first shot. Using misinformation (answering questions like “where were you born?” with nonsense answers like “otters” or “icebergs”) is one solution, but researchers have found this often backfires, making questions easier to guess rather than harder. Of course, you then have to remember those nonsense answers. Research shows that using two different security questions reduced an attacker’s chance of correctly guessing the answers within ten attempts to less than one percent; however, users only remembered the answers to both questions 59 percent of the time. As the world of security moves forward, Google proposes avoiding security questions entirely, using backup codes sent via text message or other forms of two-factor authentication instead. It sounds like a cumbersome procedure, but it may be an unavoidable necessity in the future.