If you can add a security question to your account, do it. It’s an extra lock hackers need to break to get in. But don’t rush — not all questions actually guarantee security. Read on to find out how to choose a good one.
What makes a good security question?
Many platforms ask you to choose a security question, which you will need to answer when logging in or resetting your password. But how do you choose a question that is difficult to crack, but easy for you to answer? Good security questions should have answers that are:
- Memorable. The answer to the question should pop into your head straight away, even if you’re logging in 2 years after you first created the account. Don’t make it the song you listened to on repeat 10 years ago.
- Unique. Security questions shouldn’t have multiple likely answers. Pick something that’s precise, simple, and straightforward. And don’t try to be cheeky and go with a fake answer, lest you outsmart yourself and forget it two months down the line.
- Consistent. It should be factual and not change over time. For example, your tastes in music might change, but the city you were born in won’t.
- Unpredictable. Don’t make the answer something others can easily guess or research. No one except you (and maybe the person involved in that specific life event) should know the answer. And don’t make the mistake of sharing such personal information on social media, or taking Facebook quizzes that try to trick you into revealing this information!
Security question examples: Good or bad?
Let’s examine some good and bad security questions.
What was the name of the boy or the girl you first kissed? – This is a good question as it’s personal — most likely you’re the only one to know the answer.
In what city did you meet your spouse/significant other? – A good personal question with a consistent answer. However, the answer may be easy to guess, especially if you’ve never moved countries, haven’t traveled much, or married your high school sweetheart.
What is the middle name of your youngest child? – A great question if you have kids, since this information most likely won’t be available anywhere outside your child’s passport.
What was the name of your first stuffed animal? – A question that requires a consistent and specific answer. Not all kids have a favorite stuffed animal, but if you did, there’s probably no one else in the world who knows its name.
In what city or town did your mother and father meet? – It’s personal and specific. Only you and your family members will know the answer. This information most likely cannot be found on social media, either!
In what city or town was your first job? – This information can be easily found on LinkedIn, or easily guessed if you’ve never moved to another city or country.
What primary school/high school did you attend? – This information can be easily found on LinkedIn or social media channels like Facebook.
What is your mother’s maiden name? – It may take a little bit of digging, but a hacker could find this information from social media or national registries.
What is your favorite movie? – This is a question without a consistent answer. Something you really liked yesterday might not be the movie you’ll love today, since new movies are released all the time and your tastes change.
What was your favorite sport in high school? – A weak question, especially if your Facebook profile is full of pictures of you playing rugby, cheerleading, or doing any other sport. And if it’s not, then there’s a chance that the answer can be guessed if you post a lot of articles about football, for example.
Is there anything else I can do?
Yes! First, limit the information you share in your social media profiles and posts. You don’t need to list your hometown on Facebook to create a profile. Have a look at these tips and reevaluate how you can make your social media profiles more private. This will make the hackers’ job way more complicated.
And if you are confident that you’ve chosen good security questions, but still think you may forget the answers, use a password manager. Many secure password managers, including NordPass, let you add notes to your passwords.