How secure are online security questions? Not at all, says Google

25 May 2015

According to new Google research, being prompted online with security questions like ‘what was your first pet’s name?’ is not only frustrating, but nearly useless from a protection point of view.

Google’s team of security researchers has been examining one of the most common forms of security barriers online, and also one of the oldest, but in a new paper Google’s team says that the whole concept is fundamentally flawed.

In a blog post on the subject, the team claims that if you’re asked a questions like ‘what is your favourite food?’, you’re going to give one of two answers: a secure but hard-to-remember answer, or one that would be very easy to remember but quite insecure.

Quoting a few examples, the team were able to find that in English-speaking countries 19.7pc of people said ‘pizza’ was their favourite food.

While in South Korea, with just 10 guesses, you have a 43pc chance of guessing what a person’s favourite food is.

Better to go with number-heavy passwords

For people who gave difficult answers, 40pc of English-speaking US users couldn’t recall their secret question answers when they needed to, but these same users could recall reset codes sent to them via SMS text message more than 80pc of the time and via email nearly 75pc of the time.

Click on the infographic below for a closer look at Google’s recent security report.

Google security question infographic

Colm Gorey was a senior journalist with Silicon Republic