
Security questions – a flawed model

It is ingrained in our minds that we should create secure passwords. Most of the time we try to create strong passwords that guard our information against hacker attacks, but there is a security hole we often overlook – security questions.

For a long time, security questions have been a way to verify user identities when they forget their passwords. When setting up password reset for various systems, users are presented with a list of suggested security questions such as “What’s your first pet’s name?” or “Where did you go to high school?” Users can easily recall the answers to these questions because they are so easy to remember. The bad news is – they are also easy for hackers to find, because the answers are often public knowledge.

In September 2014, news broke that hackers gained unauthorized access to the iCloud accounts of several celebrities and leaked numerous private photos to the public. The hackers were able to gain entry by guessing usernames, passwords and security questions – the answers to which can often be found online.

Not every attack will be successful just because hackers know the answers to your security questions. But if you continue to guard your account using only security questions, you are leaving your data security to chance. So what can be done to provide added security? Multi-factor authentication is the answer. It adds another layer of security by combining two or more of these factors – something you know (username and password), something you have (hardware), and something you are (biometrics). In the most common situations, users are required to enter their password and a code will be sent to their phones before they get access to their account.

To test the security level multi-factor authentication provides, Christopher Mims at The Wall Street Journal exposed his Twitter password to the public and challenged people to hack into his Twitter account. After endless attempts from strangers, his account withstood the assault because nobody was able to obtain the second piece of the puzzle – his cellphone.

Multi-factor authentication can significantly increase password security because each factor is independent, so compromising one does not compromise the others. Specops uReset supports multi-factor authentication. The new features will enable users to verify their identities with a variety of identity services, in addition to the more widely used security questions and mobile verification codes.

(Last updated on October 8, 2024)
