Notification of security question compromise level based on social network interactions

摘要

An approach is provided to improve security of security questions. In the approach, the system prompts a user for a security question. The security question and security answer associated with the security question are received by the system using a user input to the information handling system. Network-accessible data stores, such as social network accounts, are searched for the security answer resulting in search results. The searching results reveal a risk level which is identified by the system. The identified risk level is provided to the user, such as at a display device.

主权项

1. A method implemented by an information handling system, the method comprising:
receiving a security question and a security answer associated with the security question; querying one or more network-accessible data stores with a first query using the security answer as a search term; receiving first search results corresponding to the first query; determining, by one or more processors, a risk level of the received security question and security answer based, at least in part, on the first search results; accepting the received security question and security answer in response to the identified risk level being an acceptable risk level; storing the received security question and security answer in a data store that includes a plurality of existing security questions and a plurality of existing security answers; periodically rechecking the security of each of the stored existing security questions, the rechecking comprising:
searching the one or more network-accessible data stores for each of the existing security answers, the searching resulting in a plurality of updated search results;identifying an updated risk level pertaining to each of the existing security questions based, at least in part, on the plurality of updated search results;retrieving one or more user account identifiers corresponding to each of the existing security questions where the updated risk level is at the unacceptable risk level; andalerting the user to each of the updated risk levels that are at the unacceptable risk level, wherein the alerting further comprises notifying the user of the retrieved user account identifiers.