Say you`re trying to access account that you don`t access too often and which has a completely different password than the ones you usually use. Let`s also say that you also forgot completely what that password was, what`s the next step?
Well, luckily, the website has an assistive feature available for situations just like this one:
The password recovery question!
However, chances are that if you don`t remember your password, you probably aren`t going to remember the answers you gave months or years ago, to questions like:
– What`s your favorite desert? (Most people change their mind quite often about things like that)
-What is your favorite food? (What good does that question do, considering that 20% of Americans picked pizza as their favorite food, that means you have 1 in five chances of answering someone`s security question).
– What is your hometown? (In some countries, like Denmark, 20% of the people live in Copenhagen, not much of an efficient security question either).
Ok, so if some types of questions are so unreliable, that they can be cracked very easily, what should websites do to assure account security for their users?
Well, for one thing, most websites think that adding even more security questions is the right solution.
Google, a company that has plenty of experience with password loss, published recently a white paper in which they debated just how useless help security questions actually are.
The paper was accurately called, “Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google” and from that paper we learn that if a person chooses to use the “What`s your favorite dish?” question as part of their password security feature, then they are 74% likely to remember their answer if you ask that question again a month later.
However, let`s say that you don`t need to answer that security question for three months, then as Google statistics show, there`s a 50% chance that you won`t remember what your answer was and the same goes for other questions based on people`s preferences.
Ok, we learned that these are not good questions because, no one will probably remember the answer to them. So what are some good questions?
According to Google, most people manage to remember questions like their father`s middle name or their birth town, but unfortunately, this means that everyone who knows a little about your person, would be able to hack into your account.
In conclusion, apparently the safest way to make sure that you can access your account even though you cannot remember your password, without risking security problems, is to rely on a SMS or an email recovery system.
Image Source: farnet