'Weak security questions' put email at risk

08/03/2010

Weak security questions on websites and webmail providers put email at risk, it has been reported.

A study conducted by security researchers at the University of Cambridge has shown how easily a common question, such as mother's maiden name, can be guessed by a hacker.

With three chances to guess answers to the question, one in every 80 accounts can be broken into by cyber-attackers, according to Joseph Bonneau, the leader researcher on the project, who spoke to the BBC.

Many websites and webmail providers use additional questions as a type of data protection tool on an account, allowing the user to verify any changes that have been made.

However, the study found that with a number of email providers, an existing password can be overwritten without the hacker knowing what it is.

Security researchers from the study were looking into ways of making security questions more difficult to guess, for example, by making users answer three questions before re-setting a password.

Research from internet security company, McAfee, showed that cyber-attacks on crucial infrastructure IT systems are growing in frequency worldwide and could cost more than £3.7 million a day.

Get the latest industry news straight to your inbox, click here to sign up.ADNFCR-1355-ID-19656845-ADNFCR


More in our Archive