
Life is full of little ironies. To give a couple of boilerplate examples, you drive on a parkway and park on a driveway. Beethoven, possibly the greatest musical composer who ever lived, was deaf. According to a recent article in TechCrunch, a Google study discovered that we can add another one of these to the list: security questions aren’t all that secure.

Really, security questions are just meant to add an extra layer of security to a given account. So if you are prompted to answer one of these questions (What’s your First Grade teacher’s name? What was the first street you lived on? We’ve all seen these) after you’ve already entered a correct password, it could serve this purpose. But from the article: “Looking at ‘hundreds of millions’ of these questions and their answers from Google users who tried to recover their accounts, the team concluded that ‘secret questions are neither secure nor reliable enough to be used as a standalone account recovery mechanism.’”

Some stats included in this write-up are pretty interesting. Apparently, almost 20% of Google users used “pizza” as the answer to a question about their favorite food. I don’t think most people are comfortable with someone having a 1 in 5 chance of gaining access to their account. In an effort to counter this, many companies, especially secure email services and bank or financial company profiles, use SMS backup codes that are sent as text messages to phone numbers associated with accounts. This obviously seems more secure than, say, asking what someone’s first pet’s name was.