Password recovery questions are great to recover a forgotten password in a matter of seconds. All that needs to be done is to answer the password recovery question to receive a new password in the email inbox. This does however make email hacking a profitable business as email accounts are usually connected to online stores and other web services. Attackers with access to a compromised email account only need to answer the secret question to retrieve the password of the web account. This matter is definitely more secure than sending out the password without confirmation on the user’s request.
A recent study  shows on the other hand that password recovery questions are usually answered honestly. Questions about the birth town, mother’s maiden name or first animal name can sometimes be easily guesses. The study asked acquaintances of 32 webmail users to guess the answer to the secret question. Roughly 20% of these answers were guessed correctly.
Password recovery questions should therefor not be answered honestly. Experienced users fill them out with password like characters which makes the answers more or less impossible to guess. These answers can then be stored in password managers as notes.
How do you handle password recovery questions?
- Password Recovery Speeds  (0)
- Outlook Express Password Recovery  (0)
- Ultra High Security Password Generator  (4)
- Truemark Email Identification  (5)
- Temporary Email from BugMeNot  (2)
Continua a leggere – Original Link: Password Recovery Questions Make Online Accounts Vulnerable