Researchers from Microsoft and Carnegie Mellon University plan to show that the secret questions used to secure the password-reset functions of a variety of websites are woefully insecure. In a study involving 130 people, the researchers found that 28 percent of the people who knew and were trusted by the study s participants could guess the correct answers to the participants secret questions. Even people not trusted by a participant still had a 17 percent chance of guessing the correct answer to a secret question. Researchers will present their findings at the IEEE Symposium on Security and Privacy [virginia.edu]
Source: https://threatpost.com/research-password-secret-question-woefully-insecure-051909/72664/