Secret questions are insecure and easily forgotten

Google performed a large-scale empirical analysis of secret questions based on their deployment at Google. The results show that secret questions generally offer a security level far lower than user-chosen passwords, and even lower than proxies such as the real distribution of surnames in the population would indicate. Surprisingly, a significant cause of this insecurity is that users often don’t answer truthfully. A user survey revealed that a significant fraction of users (37%) who admitted to providing fake answers did so in an attempt to make them “harder to guess”, although in aggregate this behavior had the opposite effect, as people “harden” their answers in a predictable way.

Read Google’s full analysis here – http://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/43783.pdf
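To see why predictable "hardening" lowers security in aggregate, the following added example (not code from Google's analysis) measures how many accounts the k most common answers would cover in an answer set. The sample answers, function names and the 0.5 threshold are constructed assumptions for illustration; a defender would run the same measurement over their own normalized answer store.

```python
import math
from collections import Counter

def normalize(answer):
    # Answers are usually compared case- and whitespace-insensitively.
    return " ".join(answer.lower().split())

def guess_success_rate(answers, k):
    """Fraction of accounts covered by the k most common answers."""
    counts = Counter(normalize(a) for a in answers)
    covered = sum(c for _, c in counts.most_common(k))
    return covered / len(answers)

def min_entropy_bits(answers):
    """Bits of security against a single best guess."""
    counts = Counter(normalize(a) for a in answers)
    return -math.log2(max(counts.values()) / len(answers))

def audit(answer_sets, k, threshold):
    """Names of answer sets where k guesses cover more than `threshold`."""
    return [name for name, answers in answer_sets.items()
            if guess_success_rate(answers, k) > threshold]

# Constructed sample data, NOT taken from the paper: ten truthful answers
# to a hypothetical "favourite food" question, and ten "hardened" fake ones.
TRUTHFUL = ["Pizza", "pizza ", "sushi", "pasta", "tacos",
            "curry", "ramen", "burgers", "salad", "steak"]
FAKED = ["none", "None", "none", "asdf", "asdf",
         "n/a", "123456", "x", "pizza", "secret"]

if __name__ == "__main__":
    for name, answers in (("truthful", TRUTHFUL), ("faked", FAKED)):
        print(name,
              "top-3 coverage:", guess_success_rate(answers, 3),
              "min-entropy bits:", round(min_entropy_bits(answers), 2))
    # k=3 models a lockout after three attempts (assumed policy).
    print("flagged:", audit({"truthful": TRUTHFUL, "faked": FAKED}, 3, 0.5))
```

Each fake answer looks arbitrary to the person who chose it, but the population converges on a handful of placeholders, so coverage within a small guess budget goes up rather than down.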
