Think the answers to your security questions are safe? Think again.
Your mother’s maiden name. The street you grew up on. The color of your first car. Your childhood best friend’s name. Where your parents met. Your favorite country. Where you met your mate. The city where you were born.
Oh, the endless requirement of selecting new security questions when you open a new account. The odd part of these insecurity questions is that none of the responses are actually secrets that only you would know.
There are a couple of reasons for this. The first is that with the advent and proliferation of social media services such as Facebook, Instagram, Twitter and many others, it is easy for anyone to find out the answers to these questions. As a society, we now proudly announce every milestone in our lives—which are often the answers to the security questions we have selected. And I’m sorry to say, but using privacy settings won’t help you much in this case.
The second reason is related to breaches. Barely a day goes by that we don’t hear of the latest breach of a system that has revealed personal data of individuals. This is beyond the disclosure of user IDs and passwords. Some breaches released the answers to your security questions. Both the Yahoo breach—which dominated the news cycle before its acquisition by Verizon—and the Equifax breach included various pieces of personal data.
So how can you protect yourself against the compromise of your accounts where anyone can request a password reset just by answering one or more security questions?
The first suggestion is that if your account provider allows you to use a different method of authenticating to your account (proving you are who you say you are), such as two-factor or strong authentication, select that option.
The second suggestion is to change the answers to all your current “insecurity” questions in all of your accounts (a pain, I know). But here is the most important tip to remember when changing your security questions: lie. We tell our kids never to lie, but sometimes you have to make your own rules. In this case, don’t answer the questions the way a normal person in conversation would answer the questions.
As an example, your favorite country can be Blue283. The city where you were born can be Dinosaur283. The street you grew up on? Case283. You can see the pattern I created to make these answers easier to memorize. Another way to answer the questions is with a string of random characters, such as jfhcdjffQ2.
At this point you are probably thinking, “How am I going to remember all these new security answers?” The answer is, you’re not!
And if you are explaining this concept to your children as they set up accounts online, remind them that some superheroes (Wonder Woman, Batman, Supergirl, Flash, Iron Man, Arrow, Superman) protect their true identities—their personal information—when they go out to help others and save the world.