The idea behind security questions is that it is assumed that these are answers that only you know. Some of it might be personal that no one else knows which is why it makes sense that many online services tend to offer up the feature as a means of logging into an account in the event you forget your password.However according to a recent study conducted by Google, it turns out that as well-meaning these questions and security methods are, security questions are actually not as secure as many would think they are. According to Google the simple reason behind this is because either the answers to these security questions are too secure or too easy to remember.
Easy to remember answers means that there is a good chance the attacker would guess what it is. For example, “With ten guesses, an attacker would have a 39% chance of guessing Korean-speaking users’ answers to the question “What is your city of birth?” and a 43% chance of guessing their favorite food.”
As for those who choose difficult answers that attackers may not guess, Google found that 40% of their English-speaking users weren’t able to recall their secret question to begin with, thus making the entire process moot, but what do you guys think of Google’s findings? Are you in agreement that these security questions might not necessarily be the best form of security?