There are a lot of factors that go into choosing a good security question. Contrary to what the name suggests, security questions don’t always keep you secure. A Google report showed that there is a 19.7% chance that an attacker could guess an English speaker’s favorite food. People born in South Korea have their birthplace guessed 39% of the time within ten guesses.
The availability of information online has made answers easier than ever to guess. People share personal data on social media, where everything they say and do may be viewable. With data breaches involving popular websites like Yahoo, Twitter, LinkedIn, and Facebook, even private data may get leaked.
What is a security question?
A security question acts as verification to help confirm the user’s identity. You’re asked to pick from a list of questions or write your own, and then create an answer for it. When later asked these security questions, you’re required to write in the same answer you gave before.
What makes a security question good?
There are five criteria that make a security question good:
- Confidential: Something that can’t be easily guessed or researched.
- Memorable: Easy to remember no matter how much time has passed.
- Consistent: An answer that can’t change over time.
- Simple: Short, clear, and easy to answer.
- Multiple: A question that can have many answers.
How do you choose a security question?
To choose security questions, pick ones that rate high in all five criteria. That means each one should be confidential, memorable, consistent, simple, and have multiple answers. The individual answering also influences how a question rates. A question that might rate well for one person may be poor for another.
For example, some people use this as a security question: in what city was your first job? If a person has lived their entire life in one or two cities, it would be easy to guess the location since it’s unlikely their first job was anywhere else. However, for someone who’s spent their whole life moving between cities or countries, the answer would be more difficult to guess. Because of personal factors, the strength of a question may depend on the answer.
What are some examples of a good security question?
Here are a few examples of good security questions. They rate well in all five criteria.
- What is your library card number?
- What college did you apply to, but didn’t attend?
- In what city did your parents meet?
- What was the first concert you attended?
- What was your childhood best friend’s nickname?
What are some examples of a bad security question?
One recurrent trait of a bad security question is being too simple to guess. If the answer is common or easy to find, it won’t offer much safety.
- What was your favorite food as a child?
- Where did you go to elementary school?
- What city were you born in?
- What was your favorite sport in high school?
- What is the name of your oldest sibling?
Do security questions keep you safe?
Because of the ease of finding personal information, security questions aren’t enough to keep you safe. When combined with other factors, such as time-limited passcodes, they can still act as an extra layer of protection.
When setting a security question, it can be tempting to choose easy-to-answer ones for your own convenience. Yet, what’s simple for you may also be quick for others to guess. A 2009 study by Microsoft showed that acquaintances could guess 17% of answers. That number is likely much higher now. With the increase in social media usage over the past decade, people can both share and view an alarming amount of information about each other.
Security questions act as only one factor of Multi-Factor Authentication. It’s still important to have a strong password. IT experts also recommend having at least one possession factor, such as receiving a time-limited passcode on your phone. Services like ITonDemand can help you set these up. Every factor is vital to the user’s safety, which is why it’s important to choose good security questions.