Q&A Monday: Security Question Safety?
Question:
With all the talk about making a password secure, I noticed that someone with enough knowledge of me would be able to reset my password using the security questions. These questions are similar across almost every site that I visit and a friend or determined enough hacker could easily guess the answers, any idea on a way to help keep my accounts secure with the security questions?
Joann Power
Portland, OR
Answer:
This is a great question, and I apologize for holding it a little while until National Cyber-security Awareness Month, but this was just too good to pass up. I prefer a different method (when available) to secure my online account, but I’ll talk about that later in my response and answer your questions directly. Now to help better secure your security answers, is easy, it’s something I call, answering a different question. The best example I can give you:
Security Question:
“Name of your favorite book”
Answer:
Xbox
OR
Security Question:
“Name of your childhood friend”
Answer:
Purple
Now there is some pre-planning that needs to go into this, you’ll need to make sure the questions and answers are the same (or similar) across all the sites….I have about 8 questions that cover all the sites I visit….and you need to make sure you reset them on every site. All this does, is keep someone from being able to gather enough information about me to guess correctly at my questions. I’ll be honest, it took a little bit of time where I had to refer to a note to be able to correctly answer the questions, but eventually I was able to remember the question and answer combination without thought.
As I mentioned, there is an even better way to secure the account, and that’s with two-factor authentication, but unfortunately it’s not universal yet, and usually only major companies (Google, Dropbox, Microsoft, Twitter, Facebook, etc)have it. This send either a text to your cell phone with a code or some sites have a piece of software that is on your phone and generates a code that the website will ask you. The reason I like these, because even if a hacker has your password and can guess your security questions they can’t get in without the second authentication piece your cell phone. Admittedly this can be a little annoying when, before you can log in, you need to enter a code to get to your favorite websites, but in the end security is the best policy.