Google: Your Password Security Questions Are Terrible - InformationWeek

Comments
mak63
User Rank: Ninja
6/1/2015 | 6:44:12 PM
Re: The smarts with the user have to be
@yalanand
You beat me to it. If people invent any answer they want, how are they gonna remember it?
SunitaT0
User Rank: Ninja
5/31/2015 | 2:25:13 PM
Re: The smarts with the user have to be
@yalanand: Right you are. People wouldn't want to complicate things with complicated passwords. What we need is identity management. 
stevew928
User Rank: Ninja
5/29/2015 | 1:55:37 AM
Re: This can still work
Tell him... two words... password manager!
Broadway0474
User Rank: Ninja
5/28/2015 | 11:38:46 PM
Re: This can still work
This sounds like the plot to a science fiction movie or fantasy movie where a ghost or someone in the future tells a liaison some secret detail about another person --- something no one else would know but them --- in order to earn their trust. (Didn't that happen in the movie Ghost?) Anyway, there's got to be facts about a person that no one else would know but them ... it may take personalized questions with more than one-word responses, but it's gotta be possible.
vnewman2
User Rank: Ninja
5/28/2015 | 4:23:21 PM
Re: This can still work
I have a colleague who cannot remember his Gmail password or the obscure answers to the security questions he created. Lucky for him his iPad automatically logs him in so he can read his mail from there. Otherwise he's locked out. Gmail has told him he's basically out of luck. This is what happens sometimes when you try to outsmart everyone - including yourself. It's a very interesting dynamic.
tzubair
User Rank: Ninja
5/25/2015 | 5:41:19 PM
Re: This can still work
"However, if someone wants to get into YOUR stuff, this is about the most crazy protection method around, as most of the questions are stuff the attacker could easily figure out."

@stevew928: I agree. Most of the time the attackers are launching general targets because they often have no fixed information about which account is the most and the least secure in the network. However, once an individual system is compromised, essentially the whole network becomes vulnerable.
jastroff
User Rank: Ninja
5/25/2015 | 12:52:59 PM
Re: Worst ever... insecure BY DESIGN!
I never thought of using my pw manager for this purpose, but you do have a point

>> That said, you can actually make them pretty secure if you just ignore what they are and make up your own rules. Just pick one of the questions and have your *password manager* (You're using one of those, right?) fill in some random text as the answer.

 
Whoopty
User Rank: Ninja
5/25/2015 | 7:53:43 AM
Agreed
My bank actually uses one of the security questions mentioned in this piece. I keep waiting for them to put something more complicated in there but nope, still going strong years later. Fortunately I lie on mine with something nonsensical to make it a bit harder at least.
stevew928
User Rank: Ninja
5/23/2015 | 1:56:15 PM
Re: This can still work
That's why I said 'targeted' attack. Yes, most attempts to steal data are just looking for weak points, using automations, etc., i.e., going after no-one in particular. However, if someone wants to get into YOUR stuff, this is about the most crazy protection method around, as most of the questions are stuff the attacker could easily figure out.
yalanand
User Rank: Ninja
5/23/2015 | 1:44:02 PM
Re: The smarts with the user have to be
@pabbott: Well, it's pretty basic that most people use the correct answer because that is what they can remember. KingOfSouthAmerica is something you won't remember half the time.