Password Recovery Questions Make Online Accounts Vulnerable

1 Lug/09

Password recovery questions are great to recover a forgotten password in a matter of seconds. All that needs to be done is to answer the password recovery question to receive a new password in the email inbox. This does however make email hacking a profitable business as email accounts are usually connected to online stores and other web services. Attackers with access to a compromised email account only need to answer the secret question to retrieve the password of the web account. This matter is definitely more secure than sending out the password without confirmation on the user’s request.

A recent study shows on the other hand that password recovery questions are usually answered honestly. Questions about the birth town, mother’s maiden name or first animal name can sometimes be easily guesses. The study asked acquaintances of 32 webmail users to guess the answer to the secret question. Roughly 20% of these answers were guessed correctly.

Password recovery questions should therefor not be answered honestly. Experienced users fill them out with password like characters which makes the answers more or less impossible to guess. These answers can then be stored in password managers as notes.

How do you handle password recovery questions?

Tags: , , , , , , ,

Related posts

Continua a leggere – Original Link: Password Recovery Questions Make Online Accounts Vulnerable

Technorati Tags: , , , , , , , ,

Realizzazione Sito Gestionale Immobiliare

Leggi Anche

Condividi in DeliciousCondividi in DiggCondividi in RedditCondividi in StumbleCondividi in MixxCondividi in Tecnorati


I commenti sono disabilitati per questo articolo.

I commenti sono chiusi.


    Spina Rosario
    Inserito da


Iscrizione Newsletter

    Tieniti informato http://con tutte le novità del mondo informatico con la nostra newsletter


    Auto Shop Italia
    Web Burning Blog
    Info Privacy