Fordham Information Technology - Secure IT: May 2015

Friday, May 22, 2015

Article - Your Secret Questions Are Just as Terrible As Your Passwords



A recent article from PC Magazine highlights research from Google surrounding the limited effectiveness of secret questions for account recovery:

"Not being able to remember your secret question responses is annoying, but Google said the bigger concern is hackers who try to hijack accounts using "mass guessing attacks." With weak answers, it's not that difficult: a 2009 report from the Institute of Electrical and Electronics Engineers said that researchers guessed about 10 percent of people's answers by using common responses.

In an era of openness, meanwhile, where your every move is chronicled online, it's not hard to find things like place of birth, mother's maiden name, or high school mascot by trolling a Facebook or Twitter account. This type of scenario is potentially how hackers gained access to celebrity iCloud accounts last year. "Certain celebrity accounts were compromised by a very targeted attack on user names, passwords, and security questions, a practice that has become all too common on the Internet," Apple said in a September statement"

Tips for Safe Password Sharing


Source: http://www.pcmag.com/article2/0,2817,2484538,00.asp


US-CERT Technical Cyber Security Alerts

IT Security - The IT Security Industry's Web Resource