Poor security questions put e-mails at risk

Subscribe to Oneindia News

London, Mar 9 (ANI): Experts have warned that hackers can comfortably crack questions used as security checks in webmails.

Joseph Bonneau, a security researcher at the University of Cambridge, insists that attackers can break into at least 1 in every 80 accounts if they get three chances to guess answers.

"The numbers were worse than we thought," the BBC quoted him as saying.

He recommends webmail firms to replace simple answers with more complex tests to confirm a person's identity.

Bonneau teamed up with Mike Just and Greg Matthews, from the University of Edinburgh, to check how frequently attackers can be successful in answering security questions.

The researchers claim that hackers are successful in getting answers to security-check questions correct every 80 accounts, as information people use as answers are often publicly accessible, such as US marriage and birth records which were viewable online for a long time.

He said: "We measured how hard it was to guess answers. Asking what was the name of someone's first grade teacher seems like a secure choice. The problem is that there's a tonne of teachers out there named Mrs Smith."

Bonneau warns that cyber criminals maintain a long lists of e-mail addresses to attack.

He added: "They have the big list and most of them they will not get enough access to.

"Webmail was never really designed for security but it is taking on a pretty important security role. Once you have an e-mail account you can take over a lot of other things with it."

However, the researchers believe Webmail firms can tighten their security.

Bonneau explained: "They can make guessing a lot harder if they shape the answers that they allow. Such as not letting you register Smith as an answer."

"The chance of guessing three things simultaneously is pretty low'.

Websites such as Google, are already sending reset passwords by text message in a bid to protect the account of its users. (ANI)

Please Wait while comments are loading...