(Last updated on February 5, 2020)

It’s good to remember two things when choosing security questions: keep them safe and make sure you remember them. If another person can answer your security questions, they will be able to reset your password and gain access to your information, causing a security breach. Since many people answer their security questions when they first enroll in a self-service password reset solution, and may not think about them again until they are locked out, remembering the answers to your questions and avoiding social engineering attacks are both important.

To help you choose the best security questions for password reset identification, we’ve put together this how-to guide.

1. Avoid your password and username

When you answer your security questions the very first time, be sure to choose answers that cannot be associated with your password or username in any way.

2. Choose questions with hundreds of possible answers

Some classic security questions have very few probable answers. What is your favorite color? It takes minimal effort to come up with a few possible answers.

3. Avoid answers that can be easily researched

Thanks to social media, personal information is easy to find online today. When choosing questions and deciding on your answers, avoid any answers that are publicly available, including the year you were born, the name of the school you went to, your mother’s maiden name or the name of your pet.

4. Pick questions you know the answers to

Of course you should know the answers to your security questions, but you should also pick questions that you will be able to answer consistently today, next month and three years from now. Don’t choose a question if the answer can be written in many different ways, or if your answer is likely to change over time.
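For whoever runs the self-service password reset system, the four guidelines above can be partly checked when a user enrolls. The following is an added example, not part of the original guide; the function names, the low-variety word list and the `profile_facts` parameter are assumptions made for illustration.

```python
import re
import unicodedata

# Constructed sample of answers with a tiny answer space (guideline 2); not from the guide.
LOW_VARIETY = {"red", "blue", "green", "black", "pink", "purple", "yes", "no", "pizza"}


def normalize(answer: str) -> str:
    """Canonical form so "St. Mary's " and "st marys" compare equal (guideline 4)."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    text = re.sub(r"[^\w\s]", "", text)       # drop punctuation
    return re.sub(r"\s+", " ", text).strip()  # collapse runs of whitespace


def overlaps(answer: str, secret: str, min_len: int = 4) -> bool:
    """True if answer and secret share a run of min_len characters (guideline 1)."""
    a = normalize(answer).replace(" ", "")
    s = normalize(secret).replace(" ", "")
    if not a or not s:
        return False
    if a in s or s in a:
        return True
    return any(a[i:i + min_len] in s for i in range(len(a) - min_len + 1))


def review_answer(answer, username, password, profile_facts=()):
    """Return the guideline violations found; an empty list means the answer passes.

    password is the value the user is setting at enrollment (held in memory only);
    profile_facts is an assumed list of details known to be researchable, such as
    birth year or pet name (guideline 3).
    """
    norm = normalize(answer)
    if not norm:
        return ["empty answer"]
    problems = []
    if overlaps(answer, username) or overlaps(answer, password):
        problems.append("associated with username or password")
    if norm in LOW_VARIETY or len(norm) < 3:
        problems.append("too few possible answers")
    if any(normalize(str(f)) == norm for f in profile_facts):
        problems.append("matches information that can be researched")
    return problems
```

Storing and comparing the output of `normalize` rather than the raw text is what lets a user answer consistently years later despite differences in capitalization, punctuation or spacing.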

