According To Google, Your Secret Questions Aren’t Secure
For years, one of the barriers that we’ve set up against hackers took the form of secret questions. “What’s your mother’s maiden name?” or “Who was your best friend in high school?” are questions that we often answer in order to lock down access to our accounts, but according to Google’s study, they aren’t doing very much to keep our information safe from harm. Google theorizes that the problems with secret questions come from the answers that so many people share. For example, for the question “What’s your favorite food?” Google found that hackers have a 19.7% success rate at just guessing the answer.
Google identifies the biggest problem with secret questions to be the very thing they are designed for: being memorable. Since the entire point of a secret question is that its answer is easy to remember, this calls their very existence into question. We have plenty of other ways to lock down accounts; why make something so inherently insecure the only barrier to hackers that we have?
Google points out that it’s “next to impossible to find secret questions that are both secure and memorable,” but what about answers that are totally untrue? Surely if we fib on our secret questions it will be harder for hackers to crack them, right? Unfortunately, no. Google’s study showed that around 37% of people surveyed provide untruthful answers to their secret questions in an attempt to make them harder to guess. While that works in theory, the study shows that most of those people harden their answers in ways that are easy to predict. For the question “What’s your frequent flyer number?” Google found that hackers have a 4.2% success rate of guessing it, because people will often choose the same fake answers.
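The effect of shared answers described above, for truthful and fake answers alike, can be measured on any set of stored answers. The following is an added example, not code from Google's study or from this article; the function names and both sample answer lists are constructed for illustration.

```python
from collections import Counter
import math

def normalize(answer: str) -> str:
    # Assumption: the recovery form compares answers ignoring case and
    # extra whitespace, so "Pizza " and "pizza" are the same guess.
    return " ".join(answer.lower().split())

def guess_success(answers, k=1):
    """Fraction of accounts opened by trying only the k most common answers."""
    counts = Counter(normalize(a) for a in answers)
    hits = sum(n for _, n in counts.most_common(k))
    return hits / len(answers)

def min_entropy_bits(answers):
    """-log2 of the most common answer's share: strength against one guess."""
    return -math.log2(guess_success(answers, k=1))

def audit(answers, k=3, max_rate=0.01):
    """Summarise one question; 'weak' if k guesses open more than max_rate."""
    rate = guess_success(answers, k)
    return {"accounts": len(answers), "top1": guess_success(answers, 1),
            f"top{k}": rate, "min_entropy_bits": round(min_entropy_bits(answers), 2),
            "weak": rate > max_rate}

# Constructed sample data, 20 accounts each (not figures from the study).
FAVORITE_FOOD = (["pizza"] * 5 + ["Pizza "] + ["sushi"] * 3 + ["pasta"] * 3 +
                 ["tacos"] * 2 + ["steak", "curry", "ramen", "pho", "bbq", "salad"])

# "Hardened" fake answers that cluster on the same predictable values.
FAKE_FLYER_NUMBER = (["123456"] * 4 + ["000000"] * 3 + ["111111"] * 2 +
                     ["n/a"] * 2 + ["N/A"] +
                     ["84120937", "55019284", "70346112", "19283746",
                      "60571823", "33490015", "92817364", "47561029"])

if __name__ == "__main__":
    for name, data in [("favorite food", FAVORITE_FOOD),
                       ("fake flyer number", FAKE_FLYER_NUMBER)]:
        print(name, audit(data))
```

A question is only as strong as its most popular answer, so the check looks at the share of the top few values rather than at how many distinct answers exist.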
Google doesn’t think that secret questions are completely devoid of use, conceding that they’re fine when implemented with other security measures. But if you’re using a website that has secret questions as its only defense against hackers, it’s time to change up your password to something harder to crack.