When setting up a password you are always bugged for that infamous security question. These take many forms but they all boil down to the same basic idea – pick a question with an answer that only you would know. It seems simple enough right? The problem is that many of the most popular security questions are simply not secure. You might think they are, but how can anything be called secure when you can find the answer with a quick google search? Here are some of our least favorite security questions because they’re just not secure:
Name of Your Favorite Pet
There is the obvious problem with this one – that you are a human being and your favorite pet may change over time. Even if you have the best dog ever… you’re going to replace that one and get a new best dog ever when the first meets their inevitable demise. However, beyond forgetting which pet is your favorite, there is an even bigger problem with this one – Facebook.
Consider your social media habits: do you really not post anything about your pet? Have you never shared their name on social media? Maybe shared a picture of something adorable they did? If you’re like most users you’ve probably plastered the name of your favored pet all over the internet, so if somebody has already found your username and personal info, they have likely figured out your favorite pet too.
Where Were you Born?
Another terrible one that is just a public records search away. Even though you might not put your birth certificate all over the place, it is still a good bet that you do not keep your place of birth a secret. Why would you? It’s usually a good conversation starter and it used to be information that couldn’t be used against you.
Unfortunately if you are using this as a security question, it’s likely that anybody can figure it out. Not only do you often have this listed on social media accounts, but as stated before it’s often easy enough to find through public records. The place where you were born is not something only you would know or others would be unable to find out.
Name of your Hometown
This is another one that suffers from problems of easy discovery. Hometown is likely something you advertise about yourself if only so that people don’t end up bugging you at 3am in the morning not accounting for the timezone differences. This is information that, like the others, is easily discoverable through social media.
You could always try hiding your hometown… but it is also something that can be found through a clever public records search.
Getting Around the Security Question
As a consumer, the best way around the problem of insecure security questions is to lie. Keep an offline document or something that tells you how you answer these sorts of questions and simply use other ‘passwords’ to answer them. It is inconvenient as you won’t know the answers off the top of your head, but it is the safest way to keep your accounts from being hacked.
If you’re a business owner looking for alternatives, the best approach is to take information provided by the customer and make sure they match. Name, phone number, address, if something is out of place then it might be fraud. Services like Cognito help with verifying customer information and making sure everything matches up like it should.
Remember: If Two People Know, It’s Not Secret
A general rule of thumb is to remember this saying. Information that you share with others or spread around should be assumed to be easily discovered, and if you base a security question around it you are easily compromised. Take that extra step and make sure to keep your personal information hidden as it should be.