Choose Good Security Questions and Better Answers

Security questions are a part of the internet, right up there with logins and passwords. No one thought much about them until Sara Palin's Yahoo account was hacked because her security question was something stupidly easy to find online: "Where did you meet your spouse?" (which is apparently still being used as a security question)

So now that security questions have been given the attention they deserve a few security-conscious websites allow users to write their own. The problem with most security questions is that they can be found out by digging through public records, social profiles, and a little deep Google work. Here is our perspective on what really makes a question secure.

I hate the idea of people googling "good security questions" and being offered poor questions like "What is your oldest sibling’s birthday month? (e.g., January)". Bet I can guess it in twelve or less! or "Where does your nearest sibling live?" Gee, hope you two aren't friends on each other's facebook or myspace, because it would only take a minute to find the answer.

What makes a security question a good one?

A good security question will have the following characteristics:

  • 1. Easy to remember, even 5 or 10 yrs from now
  • 2. At least thousands of possible answers
  • 3. Not a question you would answer on facebook, myspace, in a "Fun Questions to Ask" survey, or in an article or interview
  • 4. Simple one or two word answer
  • 5. Never changes

 Things to avoid:

  • 1. Favourite foods, colours, etc: these change over time
  • 2. Vehicle make and model: there's only so many types of cars, trucks, etc. Most people could rattle off the popular makes and models of a era rather easily
  • 3. Birthdays: birthdays are poor because they're easy to find online, even siblings or parents, since most social networking sites will send out alerts to everyone when birthdays are approaching
  • 4. What is family member's name or birthday: again, if they're family there's a good chance they're your friend on a social networking site, so this info would be easy to find
  • 5. School name, location, etc: it is usually easy for someone to find out the area a person lives or grew up, and there's usually only so many schools in an area
  • 6. First job location, name, etc: again, usually easy to find out where someone grew up, there's a limited number of popular first jobs, and this is a question you might answer in a "Fun Questions to Ask Friends" survey
  • 7. What is colour of....: poor question because there's only so many colours of vehicles, hair, etc, unless you got very specific like "desert sand mica", even still friends and family would know the colour and there might even be photos of your vehicle on your facebook, myspace, etc


So here's a list of suggestions I've come up with and why they are good questions, follow the idea to compose your own:

What was the last name of your third year teacher? It's unlikely that you answered this anywhere, teachers change over time and most schools will have multiple teachers for each year
What was the name of the boy/girl you had your second kiss with? First kiss seemed too obvious, unlikely you went into great detail online about your second kiss
Where were you when you had your first alcoholic drink (or cigarette)? Again, unless you're a teenager and you posted online how excited you were for your first beer, it's unlikely you answered this anywhere.  Use a specific location and avoid answers like home, school or work.
What's John's (or other friend/family member) middle name? Since most people will not know who "John" is this would make a great question. You can also use their info for hard to guess security questions like "What was the name of John's first dog?"
What is the first name of the person who has the middle name of Herbert? Tough question to answer.  It is very unlikely you posted this anywhere, and since most people do not have their full names online this would make a great security question. 
Where were you New Year's 2000? Since myspace and facebook didn't exist in 2000 it's unlikely this is posted anywhere (unless you're a famous celebrity), but only pick this if the answer is not "at my parents house" and you were alive in 2000.

Netwise: April 2018