Answers to "Secret Questions" too easy to guess

If you've ever signed up for any web services, chances are that you've been asked to select a "Secret Question" and to key in a corresponding answer as a secondary means of resetting your password. While this seems like a good way to protect against forgetfulness, the truth is that your answers to these secret questions are typically not as secure as you think they are.

In a study involving 130 people, researchers from Microsoft and Carnegie Mellon University found that 28 percent of the people who were trusted by the study's participants correctly guessed the answers to the participants' secret questions. Even people not trusted by the participant had a large, 17 percent, chance of guessing the correct answer to a secret question. The conclusion here is that secret questions alone are not adequately secure.

Personally, I have always resorted to typing in a string of gibberish when confronted with a "Secret Question." What about you? Is the answer to your secret question too easy to guess?

For more on this story:
- check out this article at Technology Review

Related Articles:
Deal with password theft
Can your former workers be trusted?
IT security tops as a budget priority