'Security questions' are actually not secure!
Security questions risks
Researchers at Google discovered that security questions, as a standalone method for recovering access to accounts, are not an efficient model.
The study relied on a dataset of hundreds of millions of secret answers and millions of account recovery requests.
According to statistics provided by the researchers, if the user set up a truthful answer, an attacker would need a single try to guess the correct answer to the question "What is your favorite food?" in 19.7% of cases for American users.
With 10 guesses, an attacker would have a 39% chance of guessing Korean-speaking users' answers to the question "What is your city of birth?"
As per their findings, the recovery mechanism based on reset SMS codes recorded a success rate of 81%, while the method relying on backup emails proved to be efficient in 75% of the cases.