Poor security questions put e-mails at risk
March 9th, 2010 - 1:17 pm ICT by ANILondon, Mar 9 (ANI): Experts have warned that hackers can comfortably crack questions used as security checks in webmails.
Joseph Bonneau, a security researcher at the University of Cambridge, insists that attackers can break into at least 1 in every 80 accounts if they get three chances to guess answers.
“The numbers were worse than we thought,” the BBC quoted him as saying.
He recommends webmail firms to replace simple answers with more complex tests to confirm a person’s identity.
Bonneau teamed up with Mike Just and Greg Matthews, from the University of Edinburgh, to check how frequently attackers can be successful in answering security questions.
The researchers claim that hackers are successful in getting answers to security-check questions correct every 80 accounts, as information people use as answers are often publicly accessible, such as US marriage and birth records which were viewable online for a long time.
He said: “We measured how hard it was to guess answers. Asking what was the name of someone’s first grade teacher seems like a secure choice. The problem is that there’s a tonne of teachers out there named Mrs Smith.”
Bonneau warns that cyber criminals maintain a long lists of e-mail addresses to attack.
He added: “They have the big list and most of them they will not get enough access to.
“Webmail was never really designed for security but it is taking on a pretty important security role. Once you have an e-mail account you can take over a lot of other things with it.”
However, the researchers believe Webmail firms can tighten their security.
Bonneau explained: “They can make guessing a lot harder if they shape the answers that they allow. Such as not letting you register Smith as an answer.”
“The chance of guessing three things simultaneously is pretty low’.
Websites such as Google, are already sending reset passwords by text message in a bid to protect the account of its users. (ANI)
- Optimum Online Users Face Technical Issues With Webmail - Jul 16, 2010
- Firewalls can help hackers break into Facebook, Twitter - May 22, 2012
- Earthlink Webmail: The New Mailing System In Your iPhones - Nov 19, 2010
- Beware of Valentine's spam, warns IT security firm - Feb 13, 2012
- WikiLeaks publishes 5 mn emails from thinktank Stratfor - Feb 27, 2012
- Optonline.net Webmail - the new sensation - Mar 05, 2009
- Now send email to your future self - May 26, 2012
- Facebook stops 600,000 hacking attempts daily - Oct 29, 2011
- Sarah Palin e-mail hacker gets one year in jail - Nov 13, 2010
- Simple passwords easier to hack: experts - Jan 21, 2010
- Upper-casing password can foolproof your e-mail account - Feb 11, 2011
- Kamasutra could make you a victim of a hack attack - Jan 14, 2011
- Firms warn staff of iPhone, iPad hacking - Feb 11, 2011
- Jaipur IT firm to help BlackBerry users stay connected - Oct 10, 2010
- Iranian state backed hackers accused of attacking online security systems to pry on opposition - Mar 25, 2011
Tags: attackers, birth records, cyber criminals, e mail account, google, grade teacher, greg matthews, important security, mrs smith, poor security, reset passwords, security check, security checks, security questions, security role, text message, three chances, university of cambridge, university of edinburgh, webmails