Security Questions Secure?
June 24, 2009
Found this fun read on SFGate.
So here’s a thing: According to New Scientist, the British journal of cool new facts, researchers at Microsoft did an interesting little study: “Acquaintances of 32 webmail users – people with whom they would not normally share their login details – were asked to try and guess the answers users assigned to protect their accounts. The volunteers managed to guess correctly nearly a fifth of the time, raising questions over how secure the commonly used system is.”
And the interesting part…
The Microsoft researchers, however, had a better plan, they thought: “Under the new system proposed by Stuart Schechter and Rob Reeder at Microsoft, users select several ‘trustees.’ If a user becomes locked out of their account their trustees receive a message asking them to download a ‘recovery code.’ The user must collect codes from multiple trustees to unlock their account.
“A group of 19 Hotmail users trialed the system and 17 successfully regained access to their Hotmail account. That 90-per-cent success rate compares favourably to [the] 80-per-cent success rate of the standard secret question system, say Schechter and Reeder. In the trial, most users recovered their accounts within two days.”
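A minimal sketch of the "collect codes from multiple trustees" idea quoted above, added here as an example. It is not Schechter and Reeder's implementation; the threshold, code format, attempt limit and all names are assumptions.

```python
import hashlib
import hmac
import secrets


def _digest(code):
    # Codes are random 64-bit tokens, so a plain hash is enough to avoid storing them.
    return hashlib.sha256(code.strip().lower().encode()).digest()


class TrusteeRecovery:
    """Hypothetical account recovery that needs codes from several distinct trustees."""

    def __init__(self, trustees, threshold, max_attempts=5):
        self.trustees = set(trustees)
        if threshold < 2 or threshold > len(self.trustees):
            raise ValueError("threshold must be at least 2 and at most the trustee count")
        self.threshold = threshold
        self.max_attempts = max_attempts
        self._pending = {}    # trustee -> digest of the code issued to that trustee
        self._failures = 0

    def start_recovery(self):
        """Issue one fresh code per trustee and return what each trustee is sent."""
        issued = {t: secrets.token_hex(8) for t in self.trustees}
        self._pending = {t: _digest(c) for t, c in issued.items()}
        self._failures = 0
        return issued

    def redeem(self, codes):
        """True only if the codes cover at least `threshold` distinct trustees."""
        if not self._pending:
            return False
        submitted = {_digest(c) for c in codes}   # a repeated code counts once
        matched = sum(
            1 for d in self._pending.values()
            if any(hmac.compare_digest(d, s) for s in submitted)
        )
        if matched >= self.threshold:
            self._pending = {}                    # codes are single use
            return True
        self._failures += 1
        if self._failures >= self.max_attempts:
            self._pending = {}                    # too many guesses: force a new round
        return False
```

Unlike a secret question, a single acquaintance who knows the user well gains nothing here: one trustee's code, even submitted repeatedly, never reaches the threshold.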




