Security Questions: Still In Use but No Longer Acceptable?

  • JULY 15TH, 2024

Introduction

Security questions are a form of knowledge-based authentication commonly presented when creating an account or signing up for an online service: the user confidentially shares answers to secret questions with the provider and is later asked to repeat them to prove their identity.

NIST SP 800-63B no longer recognizes security questions (knowledge-based authentication) as an acceptable authenticator, because the answers are often guessable or discoverable. They nevertheless remain widely used for password recovery and as an additional verification step. Where they are still used, the questions must be chosen carefully to limit the associated risk.

Desired Characteristics of Security Questions

  • Memorable: The user must recall the answer years after account creation.
  • Consistent: The answer must not change over time.
  • Applicable: The user must be able to answer the question.
  • Confidential: The answer must be hard for attackers to obtain.
  • Specific: The question must have one clear answer, so the user does not have to guess which of several possible answers they originally gave.

Avoiding Bad Security Questions

  • Predictability: Avoid questions with small answer pools (e.g., “What is your favourite colour?”); an attacker can simply try every likely answer.
  • Discoverability: Avoid questions whose answers are easily found online or on social media (e.g., “What is your nickname?” or “What is your best friend’s name?”). Attackers use polls and “question” threads on social networks to harvest exactly this kind of data.
  • Forgettability: Questions whose answers the user is likely to forget reduce reliability and push users toward writing answers down. A good question must be consistent over time.
  • Repetition: Avoid reusing the same security questions and answers across multiple accounts; one breach would then expose all of them.
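Because security questions are still used for password recovery, a provider that keeps them should at least reject answers from tiny answer pools, store the answers the way it stores passwords, and throttle guesses. The following Python is an added example for this advisory, not code from CIL or from any product it describes. The list of weak answers and the lockout threshold are assumptions chosen for illustration; the key-stretching parameters are reasonable defaults, not a standard's requirement.

```python
import hashlib
import hmac
import os
import unicodedata

# Constructed, illustrative sample of answers drawn from a small answer pool
# (the "favourite colour" problem). A real deployment would use a fuller list.
SMALL_POOL_ANSWERS = {
    "red", "blue", "green", "yellow", "black", "white",
    "pink", "purple", "orange", "brown", "grey", "gray",
}

# scrypt work factor: 2**14 * 8 * 128 bytes = 16 MiB per guess, so offline
# guessing of a leaked table is slowed down as it would be for passwords.
SCRYPT_N, SCRYPT_R, SCRYPT_P, KEY_LEN = 2 ** 14, 8, 1, 32


def normalize_answer(answer: str) -> str:
    """Canonicalise an answer so 'Fido ' and 'fido' verify the same years later.

    Unicode normalisation, case folding and whitespace collapsing address the
    'consistent' and 'specific' properties without weakening the answer much.
    """
    answer = unicodedata.normalize("NFKC", answer)
    return " ".join(answer.casefold().split())


def answer_is_weak(answer: str, min_len: int = 4) -> bool:
    """Reject answers that are too short or come from a known small pool."""
    norm = normalize_answer(answer)
    return len(norm) < min_len or norm in SMALL_POOL_ANSWERS


def store_answer(answer: str) -> dict:
    """Return the record to persist: a random salt and a stretched hash.

    The plaintext answer is never stored, exactly as for a password.
    """
    salt = os.urandom(16)
    digest = hashlib.scrypt(
        normalize_answer(answer).encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN,
    )
    return {"salt": salt.hex(), "hash": digest.hex()}


def verify_answer(record: dict, candidate: str) -> bool:
    """Recompute the hash for the candidate and compare in constant time."""
    salt = bytes.fromhex(record["salt"])
    digest = hashlib.scrypt(
        normalize_answer(candidate).encode("utf-8"), salt=salt,
        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=KEY_LEN,
    )
    return hmac.compare_digest(digest, bytes.fromhex(record["hash"]))


class RecoveryVerifier:
    """Per-account guess throttling for the recovery flow.

    Answers have far less entropy than passwords, so a small, hard limit on
    online attempts matters more here than anywhere else. max_attempts=5 is an
    assumed policy value for the example.
    """

    def __init__(self, record: dict, max_attempts: int = 5):
        self.record = record
        self.max_attempts = max_attempts
        self.failures = 0

    @property
    def locked(self) -> bool:
        return self.failures >= self.max_attempts

    def check(self, candidate: str) -> bool:
        # Once locked, even the correct answer is refused until an
        # out-of-band reset (e-mail, support) clears the lock.
        if self.locked:
            return False
        ok = verify_answer(self.record, candidate)
        self.failures = 0 if ok else self.failures + 1
        return ok


if __name__ == "__main__":
    # Enrolment: refuse a weak answer, accept a better one.
    print("weak:", answer_is_weak("Blue"))                 # True
    record = store_answer("Mrs Whiskerson")                 # constructed sample answer
    verifier = RecoveryVerifier(record, max_attempts=3)
    print("recover:", verifier.check("  mrs WHISKERSON "))  # True: normalised match
    for guess in ("Tiddles", "Felix", "Tom"):
        verifier.check(guess)
    print("locked:", verifier.locked)                        # True after three failures
```

The weak-answer check only catches the most obvious small-pool answers; the selection advice above (avoid predictable and discoverable questions in the first place) remains the primary control, and the hashing and throttling limit the damage when a poor question is still in use.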
