What is a Security Question? An Easily Guessed Password!
Security questions...Whether you love or hate them, they’ve been commonplace for long enough that you’ve probably used at least one. Maybe you forget your passwords. Or maybe you don’t access all of your accounts often enough to remember those specific passwords. Lucky you though, you’ll always remember that beautiful honeymoon you spent in San Jose, California. Unfortunately, so will a lot of other people. If you were using social media at the time, then anyone who wants to know can find out rather easily.
Let’s be clear about this. A password by any other name, is still a password. You shouldn’t recycle passwords by re-using them on multiple accounts and websites. That weakens what security your login credentials provide you. If a chain is only as strong as its weakest link then every time you re-use a password you’re adding another potential point-of-failure to that chain.
Security questions are links in that chain.
They’re just another password for accessing your account!
Here’s some ways you can secure the process:
Some services allow for you to customize your own question. If you really need that security question to access your account, for whatever reason, make it something that only you know. Honeymoon locations are easy information to find out, as are family members names. Instead why not try something more private or esoteric that you’ll still remember? It doesn’t need to be embarrassing, but hey, if you remember the name or date of any particular life event that you know other people are unaware of… just go with it.
If they don’t allow for custom questions, why not provide a blatantly wrong answer? Maybe your actual honeymoon location wasn’t your first pick? Use your first choice of destination as the actual answer. If you wanted to go to Paris for your honeymoon but wound up in Reno… well, I’m sorry, but at the very least the memory of that disappointment can serve to secure your account!
Better yet, if you have a secure password solution for your accounts, like AuthAnvil, why not simply generate a randomized string of symbols and save it in your very own secure password vault? You could even write the secret question and it’s answer in the notes and rest securely in the knowledge that your secret question is just as, if not more secure, than your general use password.
There are three things to take away from this:
- A security question is a password!
- You should protect your passwords and never recycle them (it weakens the chain)!
- Your data is always valuable, even if only to gain access to more valuable materials!