A paper [PDF file] published by researchers at the University of Cambridge and the University of Edinburgh reports that hackers have a one in 80 chance of successfully guessing common security questions, like a user's mother's maiden name or their first school, within three attempts.
"The academics reached their conclusion after analyzing 270 million first and last names pairs extracted from Facebook," writes The Register's John Leyden. "Online research about a subject or a pre-existing relationship makes the chances of figuring out the answer to password reset questions still easier."
"Sarah Palin's Yahoo! webmail account was famously hacked during the 2008 presidential election using publicly available information to determine the answers to webmail password reset questions," Leyden writes. "The research led by Bonneau shows that even a brute force dictionary attack with no prior knowledge or background research stands an unacceptably high chance of success."
Click here to read the article at The Register.