Advice for Creating Security Questions
Tips on Creating Solid Security Questions
We’ve all been there and we’ve all seen it: the dreaded shake of the login box complete with those annoying, harsh red words.
With so many necessary online accounts, it’s inevitable that you will one day attempt to log into your Facebook, bank account, or even your email and be greeted with this image:
Again, we’ve all been there. And we all know the next step: the Security Questions.
In this message, we’ll discuss why Security Questions often aren’t very “secure” at all and how your team can pick better questions that you will remember and that will effectively protect your practice’s online information.
Why Security Questions Fail to “Secure” Your Information
The problem with stock security questions is that they often ask for information that can easily be found by digging through information that is available to the public. For example, read the following questions. I guarantee that, regardless of whether you and I have ever met, I could easily find the answers to the questions by searching through your social media accounts or public information.
- What is your mother’s maiden name?
- What was the name of your elementary school?
- Where were your parents married?
- What is your sister’s birthday month?
Now, if I can find this information, think how much easier it would be for a skilled hacker who is hell-bent on retrieving valuable information from your team. Scary, huh?
The good news is that many sites give users the option to pick from a list of questions or even to create personalized questions. Read on to learn how to choose questions that better protect your private information.
How to Create Solid Security Questions
It’s surprising how much personal information we reveal on public platforms. Even if you have private accounts on Facebook and Instagram, you can’t guarantee that your friends or followers aren’t posting pictures and information about you that can lead hackers toward the correct answers to your security questions.
- Stay away from questions that can be answered by digging through your practice’s social media accounts.
Sometimes, all it takes is a sweet, revealing happy birthday post from a close friend to give a hacker just enough information to make an educated guess at your security answer. Even if the question refers to a location from years ago, it is easy to figure out where a person grew up or used to live. Once this is known, schools and other locations can easily be narrowed down.
On top of all this, if your practice has a business Facebook page, it’s most likely not private and discloses information about your team members (aka the people who choose the security questions).
Like we mentioned in the last message about creating strong passwords, your ability to remember your password or security question answer is important. Choose a question with an answer that never changes to make it easier for you to remember. For example, your answers to questions like “Who is your best friend?” or “What is your favorite food?” may change over time, so avoid these.
- Choose a question with an answer that remains the same.
Answers that only require a certain month are common, but very easy to guess. Think about it: it takes at most 12 guesses to hit the jackpot. Even questions that start with “How old were you when…” can be very easy to guess. Instead, choose a question like “Who was your best friend in 3rd grade?” It’s unlikely that you’ve disclosed this information on current social media accounts and there are thousands of possible names.
- Choose a question that has MANY possible answers.
You may see advice to reply to common questions (like “What is your mother’s maiden name?”) with a fake answer, but that may be hard to remember. It’s better to follow the recommendations above and choose a real answer that you won’t forget.
- Choose an answer that is memorable.
Identity theft, fraud, and stealing valuable private information is an ever-increasing threat in today’s society. Don’t let it happen to you. We hope this information will help you think harder about the security questions you choose for your practice’s accounts. Have fun picking more “secure” security questions!