Ever since we had passwords and accounts there have always been hackers trying to get their hands on them. More importantly, people have also been forgetting their passwords. To recover them, the account provider often implements a series of questions that you provide your “secret answers” to. This system has worked fine for many years, but it is riddled with ways to make hackers’ jobs easier. Although the answers are secret, per se, it appears that you’re actually sacrificing your security in the hopes that one day this sacrifice will help you recover your password.
What Makes Security Questions Horrible At Security
What Should Replace These Questions?
The “secret answer” method was invented before people commonly had cell phones that could open SMS messages. At this point in history, virtually everyone with access to the Internet has a cell phone. Out of 7 billion people, there are roughly 6.8 billion phones. Google has adopted a new method for authentication that involves sending a one-time password through SMS for recovery. Those without phones could use a backup email for recovery, either that of a trusted person or one that they use themselves. This method makes it very difficult to “guess” one’s way into an account without the user’s phone.
By using two-factor authentication, you solve two things at the same time:
- You minimize the risk of a person not remembering their “answer” since the unique SMS code is handed to the user upon request, and
- You make a recovery method that is nearly unbreakable since the hacker would need to have access to a physical object that the user owns.
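The server side of the one-time SMS recovery code described above can be sketched as follows. This is an added example, not code from the article or from any provider; the class name, the 6-digit length, 10-minute lifetime and 5-attempt limit are assumptions, and SMS delivery is left to the caller.

```python
import hashlib
import hmac
import secrets
import time


class RecoveryCodes:
    """In-memory store of one-time recovery codes (illustrative names and limits)."""

    def __init__(self, ttl_seconds=600, max_attempts=5, digits=6, clock=time.time):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self.digits = digits
        self.clock = clock
        self._pending = {}  # account -> [salt, digest, expires_at, attempts_left]

    def _digest(self, salt, code):
        # Store only a salted hash so a leaked table does not reveal live codes.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, account):
        """Create a fresh code, replacing any earlier one; the caller sends it by SMS."""
        code = f"{secrets.randbelow(10 ** self.digits):0{self.digits}d}"
        salt = secrets.token_bytes(16)
        self._pending[account] = [salt, self._digest(salt, code),
                                  self.clock() + self.ttl, self.max_attempts]
        return code

    def verify(self, account, submitted):
        """Return True once for the correct code; expire, rate-limit and burn otherwise."""
        entry = self._pending.get(account)
        if entry is None:
            return False
        salt, digest, expires_at, attempts_left = entry
        if self.clock() > expires_at or attempts_left <= 0:
            del self._pending[account]
            return False
        entry[3] = attempts_left - 1
        if hmac.compare_digest(digest, self._digest(salt, submitted)):
            del self._pending[account]  # single use
            return True
        if entry[3] == 0:
            del self._pending[account]  # guesses exhausted: a new code must be issued
        return False

if __name__ == "__main__":
    store = RecoveryCodes()
    code = store.issue("alice@example.com")  # constructed account name
    print(store.verify("alice@example.com", code), store.verify("alice@example.com", code))
```

The attempt limit and expiry are what keep a short numeric code from being guessed: without them, six digits can be enumerated quickly.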