There have been studies in the past that have shown just how poorly passwords hold up on the Internet, as efforts to defeat them continue to grow more powerful. Similarly, security questions have been found to be just as lackluster in terms of thwarting those malicious login attempts, says Google. The tech giant took a look at some of the biggest security questions in the world and decided to take a crack at them to see just how they would stack up against each other. The findings were pretty impressive.
The study found that, as Google pointed out, “Secret questions are neither secure nor reliable enough to be used as a standalone account recovery mechanism.” That means that the answers are typically pretty simplistic. For example, Google found that for Americans and the famous, “What’s your favorite food” question, the answer was pizza around 20% of the time. The link to language doesn’t stop there, either. Google found that when it comes to Spanish speaking users, guessing the middle name of an individual is likely to happen in 21% of the cases.
The study also found that people tend to skip around the process to avoid having to actually think about the answers. In fact, the study suggested that users typically will use the same question and answer combination for everything – or that they will use the same questions over and over again in an effort to simplify the process. This is most notable when it’s an account or system that isn’t used that frequently and remembering the answers could be difficult.
If the point is to make the Internet more challenging to hack, and make accounts safer – Google has proven at this point that security questions aren’t a good answer. Instead, they prove to be a greater liability than they do a realistic solution to a problem. The other major problem that Google found was that 40% of English speaking users couldn’t remember their security questions or answers at all. This is the problem that needs to be addressed. At this point, better solutions need to be found – other than passwords and security questions. Neither are working the way they’re supposed to, and at this point they’re becoming a liability, as various entities put more effort into making these things the front lines of online security.
Some of the suggestions that have argued that more questions are needed to really address the problem as it sits today. Also, they suggested that there be additional resources out there to actually address the concerns people have when it comes to passwords and security questions. There need to be better methods to keeping our online data secure, if these methods are going to be challenged so easily.