12 March 2010
Guessing becomes as easy as 1-2-3
A group of computer science researchers conducted a study and concluded that there is a great chance that hackers can deduce the answers to common password reset questions without any difficulty.
Conventional questions incur greater risk
Joseph Bonneau of the University of Cambridge, together with two other researchers from the University of Edinburgh, wrote a paper entitled “What’s in a Name? Evaluating Statistical Attacks on Personal Knowledge Questions”. The study showed that a hacker has approximately a 1 in 80 chance of getting the right answer to the reset questions in just three tries. These personal questions include the mother’s maiden name and the school where the person first studied.
The researchers conducted the study by browsing through 270 million pairs of first and last names from the popular social networking service Facebook. The conclusion was drawn due to the existence of a subject or a previous relationship that allows hackers to easily guess the answers to security questions.
Online community is not as safe anymore
During the 2008 presidential election, Sarah Palin’s Yahoo! webmail was hacked, and this had a great impact on the online community. According to the study, publicly available information was used to answer the security reset questions on her account. Bonneau’s study also shows that there is a high probability that a hacker can access personal accounts by answering reset questions without any previous knowledge or information about the subject.
Tighter security is necessary
The research, carried out by Bonneau and two of his colleagues, concentrates mainly on the security systems of social networking services. Based on the results of the study, they recommend that these sites replace their password reset questions with something better protected.
The researchers believe that requiring multiple questions will reduce hacking incidents online. Another way of increasing security is to send a text message to the user's mobile phone when an account password is reset.
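The three-guess figure and the multiple-question recommendation above can both be measured on a site's own answer data. The following is an added example, not code from the paper or from this site: the sample answers are constructed, the function names are hypothetical, the two answers are assumed to be statistically independent, and using 1 in 80 as the audit threshold is an assumed policy.

```python
from collections import Counter
from itertools import product

def normalize(answer):
    # Assumption: the reset form ignores case and extra whitespace.
    return " ".join(answer.lower().split())

def answer_distribution(answers):
    """Return {answer: probability} for a sample of stored answers."""
    counts = Counter(normalize(a) for a in answers)
    total = sum(counts.values())
    return {a: n / total for a, n in counts.items()}

def success_within(dist, guesses=3):
    """Chance of a correct answer within `guesses` tries using only the
    most common answers, with no knowledge of the account owner."""
    return sum(sorted(dist.values(), reverse=True)[:guesses])

def combined_success(dist_a, dist_b, guesses=3):
    """Same metric when both questions must be right in a single try
    (assumes the two answers are independent)."""
    top_a = sorted(dist_a.values(), reverse=True)[:guesses]
    top_b = sorted(dist_b.values(), reverse=True)[:guesses]
    # The `guesses` most likely pairs always lie inside this small grid.
    joint = sorted((pa * pb for pa, pb in product(top_a, top_b)), reverse=True)
    return sum(joint[:guesses])

def audit_question(dist, guesses=3, max_rate=1 / 80):
    """Flag a question at least as guessable as the assumed threshold."""
    rate = success_within(dist, guesses)
    return {"rate": rate, "acceptable": rate < max_rate}

# Constructed sample answers (100 each), not figures from the study.
SURNAMES = (["Smith"] * 10 + ["  smith "] * 2 + ["Jones"] * 6
            + ["Brown"] * 4 + [f"Name{i}" for i in range(78)])
SCHOOLS = (["Central"] * 8 + ["Lincoln"] * 4 + ["St Mary"] * 3
           + [f"School{i}" for i in range(85)])

if __name__ == "__main__":
    s, c = answer_distribution(SURNAMES), answer_distribution(SCHOOLS)
    print(f"surname alone : {success_within(s):.4f}")
    print(f"school alone  : {success_within(c):.4f}")
    print(f"both required : {combined_success(s, c):.4f}")
    print("audit surname :", audit_question(s))
```

On this constructed data a single question is guessable far more often than when both answers are required together, which is the effect the multiple-question recommendation relies on.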
Dangers brought about by hacking
Invasion of privacy is just one of the many concerns raised by hacking through the password reset question. There is also a greater threat, since these webmail accounts may contain serious data such as a means of accessing online bank accounts.