Thursday, 21 November, 2024

Reasons why Password hints are risky


Reasons why Password hints are risky

Estimated reading time: 4 minutes

Almost every online service and I am talking about web services that have been in the market for a certain time, will ask you to set your password when you register a new account. Password hints are a bad idea and you should never do it. Hereā€™s why, and what to do instead.

What Are Password Hints?

Iā€™m talking about the password hint boxes ā€“ something the newer generation of readers most likely doesnā€™t even remember seeing. At the time when it belonged to Yahoo, most of the time when one was creating an account, they had to set some questions in reaction to which the password could be retrieved. Thatā€™s when you try to reset your password and as a result of that, they ask you some questions before you proceed further.

These password reset questions, also commonly referred to as security questions or password hints, were supposed to serve as another form of identification for a user. Therefore, they are often questions that would only you would know the answer to, or be expected to know the answer to. Thatā€™s things like the first name of your first pet, your motherā€™s maiden name, the street you were born or grew up in and so on.

Other versions include make your questions; however, here, the problem is that one may forget the answer. Worse still are password cues that assist the user to remember passwordsā€”this is a direct to use non-random (and therefore; insecure) passwords.

Why Password Hints Are a Security Threat

As convenient as they may seemā€” you donā€™t just get a password reset on request, you need to prove who you are first ā€“ password hints are a terrible idea and you should never use them. This is because do not superimpose an added layer of protection but rather an added layer of risk.

It gets back to a simple fact that to make better security one has to reduce the attack vectors ā€“ areas where an attacker might be able to attempt a breach. Passwords by themselves raise your risks, however, that is the art of the trade, as without a password, even in a passwordless world, you couldnā€™t get in. Password hints add even further to the devastating surface as they give the attackers a way how to get your passwords.

And the reason is that strong passwords are random passwords. This is because password hints are not random; you can usually get the answers. Things such as your motherā€™s maiden name, your petā€™s name, or the name of the street where you grew up are facts that are easy to guess.

This information for the most part resides in the social media accounts of individuals and even not, a very basic social engineering attack could extract this from you or someone you are close to. After all, few of us will volunteer our passwords, however, when asked something like ā€œHey, Iā€™m from the same neighbourhood as you,ā€ most people will proceed to give their childhood address. ā€I grew up on this street,ā€ I said pointing at the map, ā€œMadison Street.ā€ If you answered it truthfully, as almost any person would, you handed over somebody your password reset function.

What to Use Instead of Password Hints

The only way to solve this problem is to not include password hints or password reset questions. Unfortunately, there are some companies, oh hello Microsoft, that donā€™t give a hoot about the massive threat they are and insist that you use them. The only thing that you can do in this case is enter a nonsense response (you can even copy it somewhere anonymous if you desire to be even safer).

That brings you to the next question of how you can protect your accounts. Besides, without hints, it is very unlikely that you can reset your password if the need arises. Password managers solve this issue: these useful applications create, save, and even retrieve your passwords automatically. Using them means you would probably never have to reset your passwords, and therefore giving nonsensical answers will not disadvantage you.

Password managers are effective apart from eliminating the need for password hints. On password hygiene, they do all the hard work whereas other password-related attacks have less chance of being accomplished at all.

Source: Howtogeek


Discover more from News Round The Clock

Subscribe to get the latest posts sent to your email.

0 comments on “Reasons why Password hints are risky

Leave a Reply

Join The Conversation

Join Our Mailing List

Nigerian Wedding – Dolapo + Jide ā¤ļøšŸ’

GROCERIES CATEGORY

Premier League Table

The Super Eagles at the FIFA World Cup (1994-2018)

Follow NRTC on Twitter

Discover more from News Round The Clock

Subscribe now to keep reading and get access to the full archive.

Continue reading