Google researchers recently revealed that users may actually be compromising their online security when they give fake answers to account security questions. If you gave a fake last name for your father as an answer to a question to try to prevent hackers from breaking into your email account, you may just have compromised your online account.
The investigators at Google found that secret questions, on average, are less secure than original passwords that users create themselves. That analysis comes from a peer-reviewed paper discussed during last week’s International Conference on the World Wide Web, which was held in Florence.
What was perhaps most intriguing about the paper, titled “Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google,” was that the insecurity was largely explained by false answers users gave to questions. An explanation for the surprising result is that fake answers are more predictable than real ones. Particularly weak are the answers of “I don’t know” or “Don’t have one.”
On the other hand, more secure answers are those that are unique and therefore harder to guess. They are memorable for users as well as highly secure. Using them also avoids the issue of many people giving the same fake answers, which makes those answers more common and easier for cyber criminals to guess.
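One way a service operator could measure this effect on its own recovery answers is shown below. This is an added example, not code from the Google paper; the function names and both sample answer sets are constructed for illustration.

```python
from collections import Counter
import math

def normalize(answer):
    # Fold case, punctuation and spacing so "I don't know" and "i dont know" match.
    kept = "".join(c for c in answer.lower() if c.isalnum() or c.isspace())
    return " ".join(kept.split())

def guess_success_rate(answers, guesses):
    """Share of accounts whose answer is among the `guesses` most common ones."""
    counts = Counter(normalize(a) for a in answers)
    return sum(n for _, n in counts.most_common(guesses)) / len(answers)

def min_entropy_bits(answers):
    """Bits of protection against a single best guess (higher is better)."""
    counts = Counter(normalize(a) for a in answers)
    return -math.log2(max(counts.values()) / len(answers))

def answers_to_reject(answers, max_share):
    """Normalized answers used by more than `max_share` of accounts."""
    counts = Counter(normalize(a) for a in answers)
    return sorted(a for a, n in counts.items() if n / len(answers) > max_share)

# Constructed sample: truthful answers to a "father's last name" style question.
TRUTHFUL = ["Okafor", "Lindqvist", "Moreau", "Tanaka", "Smith",
            "Smith", "Haddad", "Novak", "Castillo", "Petrov"]

# Constructed sample: evasive answers of the kind the article calls weak.
EVASIVE = ["I don't know", "i dont know", "Don't have one", "dont have one",
           "I don't know", "none", "None", "asdf", "I DON'T KNOW",
           "Don't have one."]

if __name__ == "__main__":
    for label, data in (("truthful", TRUTHFUL), ("evasive", EVASIVE)):
        print(label,
              "top-3 guess success:", guess_success_rate(data, 3),
              "min-entropy bits:", round(min_entropy_bits(data), 2),
              "reject at enrollment:", answers_to_reject(data, 0.25))
```

Answers that `answers_to_reject` returns are candidates for refusal at enrollment, since a handful of guesses would cover a large share of accounts.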
To strengthen your online security, use real answers to security questions and try using a backup mechanism too. For instance, Google will send an account recovery code to your phone after you register your phone number. That way an account’s security does not hinge solely on correctly answering questions to regain access to an account, which can be full of private details available to hackers once they’ve gained entry to it.