Password recovery via secret questions is insecure


In a research paper being presented at a computer security symposium in Oakland, California, today, researchers from Microsoft and Carnegie Mellon University argue that secret question mechanisms are insecure. The study involved 130 people who use Web mail services from Google, Microsoft, Yahoo and AOL, all of which use secret questions for password recovery.

Guest: Stuart Schechter, Microsoft Research

