
"Secret" questions - a parody of security

Recently, there have been several high-profile hacks (including the hacking of Sarah Palin's mailbox) carried out by guessing the correct answer to the “secret” question. The word “secret” is in quotes here for a reason: these questions do not fulfill their function of reliably authenticating the user. To prove this, researchers at Carnegie Mellon University conducted a small study, the results of which were announced at the recent IEEE Security Symposium.

It turned out that in 28% of cases the “secret” answers of the study participants could easily be guessed by their friends, relatives or other people they trust. And in 17% of cases even people the participants do not trust, that is, practically strangers, successfully guessed the “secret” answers. Thus, the reliability of this "method of protection" does not exceed 72-83%.

Many years ago, well-known security expert Bruce Schneier said that it is simply idiocy for a password recovery system to be less secure than the password itself. Since then, the situation has not changed at all.
via Slashdot

Source: https://habr.com/ru/post/60139/

