Weak security ID questions put e-mail at risk (BBC News)


Some webmail firms are sending reset passwords via text message

Questions used as security checks on websites need to be replaced by more complex tests to establish a person's identity, say researchers.

A study has shown how easy it is to guess the answer to common questions, such as someone's mother's maiden name.

It found attackers will be able to break into 1 in 80 accounts if they get three chances to guess answers.

"The numbers were worse than we thought," said Joseph Bonneau, the lead researcher on the study.

Guess list

Many websites, including banks, credit card firms, webmail providers and others, use the supplementary questions when changes are made to an account.

In the case of many e-mail providers, they can be used to overwrite an existing password without knowing what it is.

Mr Bonneau, a security researcher at the University of Cambridge, said many other researchers had investigated the security of these questions.


Full article at: http://news.bbc.co.uk/2/hi/technology/8552622.stm


