
A New System of Online 'Security Questions' to the Rescue

Posted: November 12, 2009

Passwords are a really good way to protect access to a computer or website from cyber criminals.

If a password is easy for its owner to remember, it is, sadly, likely to be easy for an attacker to guess as well.

If a password is more complex, that is, when it includes a mix of uppercase and lowercase letters and digits, it is undoubtedly harder for a hacker to crack. Password requirements for users differ from site to site, but in most cases 'secret/prompt questions' are involved. Have you ever thought about the strength of this type of password?

Users are often asked a variety of simple 'prompt questions' such as 'Where were you born?', 'What is your mother's maiden name?' or 'What street did you grow up on?' for ID verification before a password reminder is sent out. It turns out that answers to these questions are not so secure, because it may not be hard for other people to predict them. So, what could be done to make the passwords stronger? For the answers to be harder for hackers to guess, the questions themselves should be made difficult in the first place.

Computer scientists at Rutgers University in the United States have announced a system to enhance the security of online 'security/prompt questions' when online shoppers forget passwords. The scientists state they are six months away from writing code that would protect passwords from being identified. According to Danfeng Yao, assistant professor of computer science in the Rutgers School of Arts and Sciences, it is well known that security questions are not very safe and are easily predictable. Yao leads a team of scientists who are developing an 'activity-based personal questions' approach to security questions. Websites could ask a user, 'When was the last time you sent an e-mail?' or 'What did you do yesterday at noon?' Dynamic questions would be much harder for attackers to guess.

One computer scientist said she gave students in her lab questions about network activities, physical activities and opinions, and then asked them to 'attack' each other. Security experts say that 'security questions' pose a real security threat and need to be renewed with questions that continually change according to a user's digital history. That's because this information would be harder to obtain and is less widely available. Traditional 'security questions' are fixed and long-lived and do not usually change, so a user's answers may be collected or guessed by people around the user.

A 1990 study discovered that people were able to guess someone else's email password 17 percent of the time. Spouses were able to guess the password 33 percent of the time. Another problem is that people are likely to forget their passwords and have to revert to answering a 'secret question', which is also often easy to guess. Yao says memory has not been an issue when 'activity-based' questions were tried on her students. Yao also says they are presently developing a prototype system, which is expected to be finished and available by May 2010. She concludes that the system includes both server-side and client-side components, so they need to carry out a considerable amount of testing on both security and memorability before they offer their result to the market.
