
Ten or twenty years ago, it was common for accounts holding highly personal information to ask you to create and answer security questions.
Think about your first social media account, the log-in for your current medical provider, or your profiles on government websites, like the IRS.
Before they knew how to scan your fingerprint or validate a face ID, confidential websites would ask you to answer a question only you know the answer to. Too many wrong answers will “lock down” the account and require additional verification to unlock it again.
These websites often let you choose which questions you want to answer.
- What is your mother’s maiden name?
- What was the name of your first pet?
- In what city were you born?
- What was the make and model of your first car?
- What high school did you attend?
- What was the name of the street you lived on as a child?
Unfortunately, while these questions are common, they are not always the most secure. Why? Because many of these answers can be easily guessed or found through social media, public records, or social engineering. Security questions are generally considered less secure compared to other forms of multi-factor authentication for this reason.
If you do set up a security question, avoid using answers that can be found on your social media profiles or through a simple online search. AI can help hackers scour your social media to find out family members’ names, dates of birth, addresses, school names, and pet names if you post about them.
However, you still need to choose memorable answers, because 40% of people will forget the answers to their security questions.
Enhance the security of your accounts by choosing or answering security questions that are:
- Memorable: You should be able to recall the answer easily and consistently.
- Unique: The answer should be specific to you and not easily known by others.
- Consistent: The answer should not change over time. Facts are better than preferences.
- Unpredictable: Avoid answers that hackers can easily guess or find online.
Consider using less common questions as well. Instead of the typical questions, opt for more personal or obscure details. Some security experts even suggest providing false but memorable answers. For example, if the question is “What is your favorite color?”, you might answer with a particular shade. That makes it much harder for hackers to guess.
Treat security questions and their answers like passwords: do not share them with anyone.
Consider using alternative forms of MFA. Today, we have many different forms of secondary verification. The safest two are authentication apps and biometric authentication.
Authentication apps generate time-based, one-time passwords that are more secure. You download the app on your phone or tablet, and it will create a series of numbers and letters that is valid for a short period. That code allows you to access the account. Unless threat actors have access to your physical device, they can’t gain entry.
Biometrics encompass physical characteristics that can’t be replicated. For example, your fingerprint, retina scan, face ID, and voice recognition are all forms of biometric authentication.
While security questions remain a popular option for MFA, they are not your only solution. Choose secure, unguessable answers when you do use this method, but consider branching out to biometrics or authentication apps instead.
Using MFA makes your accounts up to 99% more secure. Protect your accounts by adding more security verification than just a password can provide.
Commonwealth Sentinel can assist your organization in staying secure by implementing robust password policies, utilizing practical multi-factor authentication tools, and providing comprehensive in-person cyber training for your entire staff. It only takes one lucky cyber criminal to cause damage, so your team must always remain vigilant. To schedule a consultation, click here or contact us at (502) 320-9885.
At Commonwealth Sentinel, we are focused on cyber security so that you can focus on other things.