"Questions about hacking through password resets have been raised before. When Paris Hilton's cell phone was famously hacked in 2005, some tech sites reported that criminals simply used her dog's name, easily found online, to break in. That theory was later discredited, but it likely sent criminals scurrying to find famous people's dog's names.
It also prompted researchers to study the issue, which is also known as 'fallback authentication.' Ariel Rabkin, a researcher at the University of California at Berkeley, is probably the first to attempt to quantify the problem. He recently published a research paper (PDF) titled in part, 'Security Questions in the Era of Facebook.' It examined password reset questions at 20 banks. Of the 215 questions used by the banks, he classified only 75 as secure and usable. The others were either easy for hackers to guess or obtain, or simply too hard for consumers to remember."