Article – Your Secret Questions Are Just as Terrible As Your Passwords


A recent PC Magazine article highlights Google research on the limited effectiveness of secret questions for account recovery:

“Not being able to remember your secret question responses is
annoying, but Google said the bigger concern is hackers who try to
hijack accounts using ‘mass guessing attacks.’ With weak answers, it’s
not that difficult: a 2009 report from the Institute of Electrical and
Electronics Engineers said that researchers guessed about 10 percent of
people’s answers by using common responses.

In an era of openness, meanwhile, where your every move is chronicled
online, it’s not hard to find things like place of birth, mother’s
maiden name, or high school mascot by trolling a Facebook or Twitter
account. This type of scenario is potentially how hackers gained access to
celebrity iCloud accounts last year. ‘Certain celebrity accounts were
compromised by a very targeted attack on user names, passwords, and
security questions, a practice that has become all too common on the
Internet,’ Apple said in a September statement.”

