What makes a good security question?
Many platforms ask you to choose a security question, which you will need to answer when logging in or resetting your password. Websites often offer system-defined questions that you can choose from or come up with your own questions. But how do you choose a question that is difficult to crack but easy for you to answer? Good security questions for recovering a user’s current password should meet the following characteristics:
- Memorable. The answer to the question should immediately pop into your head, even if you’re logging in two years after you first created the account. Don’t make it the song you listened to on repeat 10 years ago, and make sure it’s a fixed answer. For example, you will never forget what your first car or first pet was.
- Unique. Try to come up with unique questions with simple answers, like “what’s your favorite pet” to verify your identity. Security questions shouldn’t have multiple potential answers. Pick something precise, simple, and straightforward. And don’t try to be cheeky and go with a fake answer, lest you outsmart yourself and forget it two months down the line.
- Consistent. The security question should be factual and not change over time. For example, your preferred musical genre, favorite song, or work address might change, but the city you were born in won’t.
- Unpredictable. Don’t make the answer something others can easily guess or research. No one except you (and maybe the person involved in that specific life event) should know the correct answers to security questions. And don’t make the mistake of sharing such personal information on social media or taking Facebook quizzes that try to trick you into revealing this information!
Check out our video on security questions below.
Security questions you should avoid
Why are some security questions bad? It comes down to two reasons: they are too complicated or too simple. People either forget their answers or their accounts get hacked because the answers were way too easy to guess. One way to avoid this is to never share such information anywhere and avoid answering security questions when signing up for websites with sketchy reputations. But all in all, it’s best to avoid using weak security questions in the first place.
Bad security questions
In what city or town was your first job? This information can be easily found on LinkedIn or easily guessed if you’ve never moved to another city or country.
What elementary school/high school did you attend? Bad actors can easily find this information on LinkedIn or social media like Facebook.
What is your mother’s maiden name? It may take a little bit of digging, but a hacker could find this information from social media or national registries.
What is your favorite movie? This question may have many possible answers. Something you really liked yesterday might not be the movie you’ll love today since new movies are released all the time and your taste changes.
What was your favorite sport in high school? This is a weak question with many potential answers. Others can also guess the answer, especially if your Facebook profile is full of pictures of you playing rugby, cheerleading, or any other sport. And if it’s not, then there’s a chance that the answer can be guessed if you post many articles about football, for example.
A list of good security questions you could use
What was the name of the boy or the girl you first kissed? This is a good question as it’s personal — you’re likely the only one to know the correct answer.
Where were you when you had your first kiss? Like the last one, this is also a personal and stable question that few people can answer.
In what city did you meet your spouse/significant other? A good personal question with a consistent answer. However, it may be easy to guess, especially if you’ve never moved countries, haven’t traveled much, or married your high school sweetheart.
What is the middle name of your youngest child? A great question if you have kids since this information most likely won’t be available anywhere outside your child’s passport.
What was the name of your first stuffed animal? A question that requires a consistent and specific answer. Not all kids have a favorite stuffed animal, but if you did, there’s probably no one else in the world who knows its name.
In what city or town did your mother and father meet? It’s personal and specific. Only you and your family members will know the answer. This information most likely cannot be found on social media either.
What was the first exam you failed? It’s personal, specific, stable, and easy to memorize. And if you’re not prone to overshare online, this information won’t be found on your social media accounts.
What’s more, some websites let you choose multiple questions to minimize the chances of a third party intruder getting access to your account information.
Is there anything else I can do?
Yes! First, limit the information you share on social media profiles and your posts. You don’t need to list your hometown on Facebook to create a profile. Have a look at these tips and reevaluate how you can make your social media profiles more private. This will make the hackers’ job way more complicated.
And if you are confident that you’ve chosen good security questions but still think you may forget the answers, use a password manager. Many secure password managers, including NordPass, let you add notes to your passwords.
FAQs
The best security questions and answers are safe, memorable, consistent, specific and unpredictable.
- Safe: Ensure that the answer to your security question is confidential and cannot be easily guessed by others. ...
- Memorable: You should be able to recall the answer to your security question without writing it down.
The answer to a good security question should be obvious. In addition, it should be easy to remember, but at the same time remain secret to others. The answer should be immediately remembered as soon as the user receives the security question.
What are some typical security questions? ›
Here are examples of some common security questions:
- In what city were you born?
- What is the name of your favorite pet?
- What is your mother's maiden name?
- What high school did you attend?
- What was the name of your elementary school?
- What was the make of your first car?
- What was your favorite food as a child?
Security questions fall into two main types. With user defined security questions, the user must choose a question from a list, and provide an answer to the question. Common examples are "What is your favourite colour?" or "What was your first car?"
How do I choose a security solution? ›
How to Choose a Cyber Security Solution for Your Business
- Conduct an internal cyber security risk assessment.
- Determine your cyber security solution needs.
- Partner with cyber security solution providers.
- Justify the costs of cyber security services and solutions.
- Consider how scalable and user-friendly the solution is.
Sample Questions
Where was my mother born? What is my father's middle name? What was the name of my imaginary friend when I was a child? In what month was I married?
How do you answer a security questionnaire? ›
Your security questionnaire responses should clearly answer the question being asked, including only relevant details and evidence. Always request further explanation from the client organization for any ambiguous questions rather than assuming the answer.
How many security questions should be asked? ›
The purpose of security questions is to protect your business against cyberattacks, so ask as many questions as possible and confirm the user's identity before letting them in. Hackers may breach a single security question. However, asking multiple questions improves your security system.
Why do I have to answer security questions? ›
Security questions are usually used by banks, online services, etc. The purpose of asking such questions is to add another layer of security alongside your password.
What are the 4 C's security? ›
The 4 C's security refers to a framework comprising four essential elements: Concealment, Control, Communication, and Continuity. These elements collectively contribute to fortifying security measures and safeguarding assets, premises, and individuals against potential threats and risks.
Security Questions You Should Avoid
Questions that have answers that are easily guessed or found online should not be used. For example, questions like “What city were you born in?” or “What is your mother's maiden name?” are too common and can be easily guessed or found online.
How do I choose a security question? ›
The security question should be factual and not change over time. For example, your preferred musical genre, favorite song, or work address might change, but the city you were born in won't. Unpredictable. Don't make the answer something others can easily guess or research.
What is the security question and security answer? ›
Security questions are used to verify a user's identity on password-protected sites. A security question is a question used to verify a person's identity on a password-protected network or Web site. Users typically choose one out of a number of biographical questions to answer when they create online accounts.
What is a security questionnaire? ›
A security questionnaire is a set of questions designed to help an organization identify potential cybersecurity weaknesses among its third-party and fourth-party vendors, business partners, and service providers. Organizations use security questionnaires to deliver informed vendor risk assessments.
How do I choose a security safe? ›
- Knowing the value of the contents. It is important to know the value of your contents before buying a safe. ...
- All good safes carry insurance ratings. ...
- Safe Type: Fire or Security? ...
- Size of the Safe. ...
- Safe lock mechanism types to consider. ...
- Positioning the Safe. ...
- Fixing the Safe.
Choose a strong security question
A good security question is one where the answer cannot be easily guessed — for example, “What is your mom's middle name?” or, “What is the secret password I gave you?” It's a good idea to agree on a shared secret security question before sending the Interac e-Transfer transaction.
What are the 5 security questions at airport? ›
8 Airport questions you need to be able to answer in English
- Do you have an e-ticket or a paper ticket? ...
- Are you checking in baggage or carrying on? ...
- Would you like a window or aisle seat? ...
- May I see your boarding pass? ...
- Which gate should I board from? ...
- Is my flight delayed or on-time? ...
- Do you have anything to declare?
A good rule of thumb for choosing a network security protocol is always to select the safest option compatible with your devices. For many with newer routers, computers, and phones, the security protocol that fits this bill is WPA3.
