Blog | G5 Cyber Security

Strong Security Questions

TL;DR

Security questions are often weak points in online security. This guide shows you how to choose strong questions and answers, manage them effectively, and understand their limitations.

1. Understand the Risks

Security questions seem simple, but they’re easily compromised because:

If a hacker knows the answer to your security question, they can access your account.

2. Choosing Strong Questions

  1. Avoid Common Questions: Don’t use questions like:
  2. Select Obscure Questions: Choose questions that are difficult for others to guess. Look for options like:
  3. Consider Questions with Multiple Correct Answers: These are harder to brute-force.

3. Creating Strong Answers

    1. Length Matters: Use long, complex answers (15+ characters).
    2. Mix Characters: Combine uppercase and lowercase letters, numbers, and symbols.
    3. Avoid Personal Information: Don’t use your name, birthday, or address in the answer.
    4. Use Passphrases: Create a memorable phrase instead of a single word. For example, “RedBalloonJumpedHigh2024!” is better than “balloon”.
    5. Don’t be Truthful (Sometimes): It’s okay to lie about the answer as long as you remember it! This makes it harder for attackers who might find information about you. However, ensure you can reliably recall your fabricated answer.

    Example of a good answer:

    MyF4v0riteC0l0rIsBlUe!2023
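
The rules in this section can be checked and applied mechanically. The following is an added example, not part of the original guide: it checks an answer against the length, character-mix and personal-information rules, and generates a fabricated passphrase answer to store in a password manager. The word list, function names and symbol set are assumptions made for illustration.

```python
import secrets
import string

# Constructed sample word list (assumption). A real list needs thousands of
# words so that the random choice carries enough entropy.
WORDS = ["red", "balloon", "jumped", "high", "copper", "lantern", "quiet",
         "harbor", "violet", "anchor", "marble", "thunder", "willow", "ember"]
MIN_LENGTH = 15  # the guide's "15+ characters" rule


def check_answer(answer, personal_info):
    """Return the list of rules from this section that `answer` breaks."""
    problems = []
    if len(answer) < MIN_LENGTH:
        problems.append("shorter than 15 characters")
    classes = [
        any(c.islower() for c in answer),
        any(c.isupper() for c in answer),
        any(c.isdigit() for c in answer),
        any(c in string.punctuation for c in answer),
    ]
    if not all(classes):
        problems.append("missing a character class")
    lowered = answer.lower()
    # Case-insensitive substring match against name, birthday, address, etc.
    if any(item and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    return problems


def generate_answer(num_words=4):
    """Build a fabricated answer: random capitalized words, 4 digits, 1 symbol."""
    words = [secrets.choice(WORDS).capitalize() for _ in range(num_words)]
    digits = "".join(secrets.choice(string.digits) for _ in range(4))
    symbol = secrets.choice("!@#$%&*?")
    return "".join(words) + digits + symbol


if __name__ == "__main__":
    me = ["Alice", "Smith", "1990"]  # constructed personal details
    for candidate in ["balloon", "RedBalloonJumpedHigh2024!", generate_answer()]:
        print(candidate, "->", check_answer(candidate, me) or "ok")
```

Because the generated answer has no connection to the question or to you, record it together with the question in the password manager entry for that site.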

4. Managing Your Security Questions

    1. Document Answers Securely: Use a password manager with secure storage to keep track of your questions and answers. Do not store them in plain text files or emails.
    2. Update Regularly: Change your security questions and answers periodically, especially if you suspect a data breach.
    3. Be Consistent: Try to use the same answer format across different websites (with variations for security).

5. Understanding Limitations

    Security questions are not foolproof:

6. Alternatives to Security Questions

    1. Multi-Factor Authentication (MFA): Use an authenticator app or SMS codes for stronger security. This is far more secure than relying solely on security questions.
    2. Passwordless Login: Consider using biometric authentication (fingerprint, face ID) where available.