Security questions (sometimes referred to as "challenge" or "secret" questions) are used widely as a security enhancement for online account access. We know that these questions are vulnerable to social engineering or being bypassed when hackers simply guess the answers, but a new study from Google examines exactly how and where these questions create issues. For example, if you have ever forgotten the answer to a hard question (even one that you set up yourself), you're in good company: This happens to 40% of users who choose this strategy. Click here for more interesting data points from the study. The data show why security question are less desirable for both users and organizations than transparent methods of strong authentication that don't share these vulnerabilities.
