LulzSec Strikes Again

Ralph DeFrangesco

A recent study by Microsoft and Carnegie Mellon University found that the answers to the secret questions we use on Web sites to verify and protect our identity are fairly easy to guess. In the study, which involved 130 people, 28 percent of the people whom participants identified as trusted parties were able to guess the answers to the participants' supposedly secret questions. Even people the participants did not trust had a 17 percent chance of guessing the correct answer. The research will be presented at the IEEE Symposium on Security and Privacy this week.


I think the problem goes much deeper. I made a quick list of accounts that the average person could conceivably have:


  • Work login
  • Personal e-mail
  • LinkedIn
  • Facebook
  • Library account
  • Cell phone
  • Kids' school
  • Your school
  • Bank account
  • 401k account


Let's face it, there could be many more and your situation may vary, but this is a good starting point. How do you remember the logins and passwords for all of these accounts? Do you write them down? Do you use the same login and password for all of them?


Most people do rely on those secret questions. I have to say that I am not a fan of the "canned" secret questions. When you only offer a handful of questions, it increases an attacker's chances of guessing the correct answer. A quick Internet search on most people could reveal information that an attacker could use against them. I think the sites that allow you to create your own secret questions are far better. I would like to hear your opinion. Do you use the same questions for the majority of your accounts?


For more information on how to create better passwords, and how to create better password policies, see these documents available for download in the Knowledge Network:


  • Protecting Your Passwords
  • Enterprise Password Management Guide
  • Sample Password Policy
