The hackers behind the 2015 data breach of the US Internal Revenue Service (IRS), for example, used personal information they’d previously stolen from thousands of Americans to answer security questions on the IRS website, and in turn get access to their tax returns.
The security questions asked about personal details, like, “On which of the following streets have you lived?” and, “What is your total scheduled monthly mortgage payment?”
The hackers in the IRS case successfully got through that security measure, but what if the agency had a system in place that could detect whether the person answering the questions really was who they claimed to be? In a recent study conducted in Italy, researchers demonstrated how such a system could work.
In the study, published recently in PLoS One, the researchers quizzed 40 respondents about their personal details.
