Security Questions: Choose Securely
“What is the name of the street you grew up on?”
“Who was your favorite high school teacher?”
“What was the model of your first car?”
These are examples of possible security questions, which are used in conjunction with passwords for online accounts. As you set up a new account, especially one that’s more sensitive, such as e-mail, banking/financial, or health records, the registration process will include security questions that help verify your identity. After entering your usernames and password, you would answer these questions in cases of: a two-step verification process, use of the account from an unfamiliar device, or if you need to recover the account after forgetting a password or having trouble logging in.
As you set up your account, you will be able to choose from several options for one or more security questions. Be thoughtful when making your choices and supplying your answers. You neither want them to be too obvious that anyone would know them, nor so complicated in the answer that you’re likely to forget.
Here are a few things to keep in mind as you select your security questions:
1) When you type in the answer to your security question, it is like a second password, meaning it is case sensitive and must be an exact match. Just as you would write down a password, write down the question and the answer, being sure to note upper and lower case letters, numbers, spelling, and any special characters. It’s not enough to just remember the general answer, it must match exactly because the account doesn’t recognize the answer as anything other than a series of typed characters. (E.g. If you type “Lassie-girl” as the answer to the name of your dog, it must be entered the same way with a capital L and hyphen, not “lassiegirl” or “lassie girl” or “Lassie Girl”.
2) The answer to the question doesn’t even necessarily have to be an accurate statement. Because the account doesn’t verify your answer with any other information than what you originally type, you can make the response anything you’d like. If you choose the question, “In what town were you born?” instead of a true response of “Reading” (or whatever it is), you could type “Gotham” or “Kryptonopolis” or “Asgard”. Choose your favorite superhero hometown or dream city. Just be sure to record and remember your fun response.
3) Don’t choose questions and/or responses that are obvious or easily discovered. A common security question both on and offline is “What is your mother’s maiden name?” In the past, that information might have been something few people would know, but with social media, many women include their maiden name in a profile so they can connect with people who knew them before marriage. If you or your mother have a maiden name listed in a public forum like that, you may want to remove it or simply not select this as a security question. The same goes for other easily-discoverable data like your hometown, pet’s name, nickname, or “favorites” (favorite film, food, team, etc.).
4) Along with security questions, you may have other verification options you can add to your account, such as a recovery e-mail address or phone number. If you discontinue or change an e-mail or number, remember to update that security information in your online accounts as well. Otherwise you may run into a case of forgetting your password and unable to recover the account because your former recovery phone number is out of service and can’t receive the temporary code to help you log in.
Security questions are like passwords, so keep all of that information recorded together and up-to-date for secure online accounts.