We are constantly hearing new and revised advice on thinking up and managing passwords, but sometimes we have to deal with more than just passwords when it comes to online security. Some sites also require answers to a series of security questions that can later be used to verify your account or recover a lost password.
In recent years, experts have reconsidered the use of security questions, which may ask you to remember personal tidbits like your pet’s name or the first street you lived on. On one hand, these can be easy to answer, but they may lend you a false sense of security.
There are certain classic questions that pop up again and again, like “What is your mother’s maiden name?” or “What was your high school mascot?” One of the biggest problems with these sort of questions is the answers can be easy to find. Your mother’s maiden name is likely a matter of public record and by simply knowing the name of your high school, a thief can figure out the mascot.
Hackers that accessed user accounts, like with the infamous Yahoo data breach, have also been able to access user security questions and answers. So how can we better secure our security questions? One possible approach is to simply lie about your answers, but even that has some potential pitfalls.
Google’s take on security questions
A 2015 study conducted by Google researchers concluded that “secret questions generally offer a security level that is far lower than user-chosen passwords.” It also uncovered a problem where people who lie about their answers later forget those made-up answers, which made it more difficult for them to recover forgotten passwords.
Ultimately, the researchers say, “We conclude that it appears next to impossible to find secret questions that are both secure and memorable.” While the Google research isn’t optimistic about these kind of questions, they are still in use for a lot of websites, so we need to adapt.
How to manage your security answers
Now back to the idea of lying about your answers. How can you field these sort of questions in a more secure way without forgetting your fictional answers? One solution is to use a password manager, which lets you use hard-to-crack passwords without having to remember each and every one. Most password managers let you keep secure notes. This is where you can store your made-up answers.
If you’re not using a password manager, then be sure you come up with fake answers you can replicate later. For example, if the question asks for your mother’s maiden name, you might instead use your grandmother’s middle name or the maiden name of a favorite celebrity.
If the site gives you the option to create your own security questions, then take advantage of that and come up with obscure questions that would not be easy to find by searching you out online or looking at your Facebook or Twitter profile. You might go with something like “What is the name of your imaginary friend from childhood?” or “What band poster did you have on your wall in college?”
Security questions may one day become obsolete, but in the meantime, it’s smart to take some steps to keep your answers as secure as possible. This is one time where a little lying is perfectly acceptable.