Study: password resetting 'security questions' easily guessed
How secret are the ‘secret questions’ used for resetting forgotten passwords? Not so secret after all, according to a newly published study entitled “It’s no secret: Measuring the security and reliability of authentication via ‘secret’ questions”, which found that 17% of the study’s participants were able to answer the ‘secret questions’ of strangers, and that the most popular questions were in fact the easiest ones to answer.
All of these findings, combined with the misalignment between the end user’s perception of the security offered by security questions and the extent to which the answers have already been made public, can be summarized with a single security tip - make sure that you don’t tweet about how much fun you had on your honeymoon in Paris a couple of years ago when your security question is “Where did you spend your honeymoon?”, which you would presumably have answered truthfully.