(单词翻译:单击)
Security questions risks
'安全提示问题'并不安全
Researchers at Google discovered that security questions as a standalone method for recovering access to accounts is not an efficient model.
谷歌研究员发现,用安全性问题作为恢复账号登录的唯一方式,并不是那么有效。
The study relied on a dataset of hundreds of millions of secret answers and millions of account recovery requests.
该研究基于数亿个安全问题的答案以及数百万条恢复账号登录的请求。
If the user set up a truthful answer, according to statistics provided by the researchers, in 19.7% of the cases, an attacker would need a single try to guess the correct answer to the question "What is your favorite food?" in the case of American users.
根据研究者提供的数据,如果用户设置了真实答案,美国用户设置的"你最喜欢的食物"只需1次尝试就能成功破译的概率是19.7%;
With 10 guesses, an attacker would have a 39% chance of guessing Korean-speaking users' answers to the question "What is your city of birth?"
韩语用户设置的"你的出生地"猜10次就能成功破译的概率是39%。
As per their findings, the recovery mechanism based on reset SMS codes recorded a success rate of 81%, while the method relying on backup emails proved to be efficient in 75% of the cases.
研究显示,通过短信获取重置码、备选邮箱来恢复登陆的有效性分别为81%、75%。