Google Reveals the Problem With Password Security Questions

PHOTO: The Google logo is seen inside the companys offices on March 23, 2015 in Berlin, Germany. Adam Berry/Getty Images
The Google logo is seen inside the company's offices on March 23, 2015 in Berlin, Germany.

Google analyzed hundreds of millions of password security questions and answers, revealing how startlingly easy it is for would-be hackers to get into someone else's account.

Case in point: What's your favorite food?

Using one guess, an attacker has a 19.7 percent chance of guessing an English speaking user loves pizza, according to Google's findings, which looked at hundreds of millions of questions and answers for account recovery claims.

While the questions are meant to provide an extra layer of security, Google found easy-to-guess answers were a problem around the world.

With ten guesses, an attacker would have a near one in four chance of guessing the name of an Arabic speaker's first teacher. Ten guesses gave cyber criminals a 21 percent chance of guessing the middle name of a Spanish speaker's father.

South Korean users were most vulnerable with the question "What is your city of birth?" With ten guesses, attackers would have a 39 percent chance of getting into a person's account.

While the study shows how alarmingly easy it is to crack a person's password security questions, Google said the solution shouldn't be to add more questions.

Google's security researchers instead recommend users make sure their account recovery information is current by going through a security checkup. Adding a phone number or back-up email address can help circumvent the issue of someone trying to penetrate your account via the secret questions.