It is now more important than ever that consumers use strong security questions with strong security answers on their online financial and purchasing accounts. With most people home due to the COVID-19 pandemic, more of us have been taking advantage of online banking and shopping on the internet. That means a lot of online accounts have been and will continue to be created. One common step in creating an online account is picking a security question in case the creator of the account cannot remember their password. It is meant to be another layer of security for the authentication process.
While this alternative way of identifying customers can be very useful, it could also put more personal information at risk of compromise should the company fall victim to a data breach. For example, if someone selected “What are the last four digits of your Social Security number?” as their security question and provided that credential as the answer and the company’s online user database was breached, hackers could have that piece of personal information to use to flesh out more details of the person’s identity credentials.
However, there are things people can do to keep themselves safe while using strong security questions as another form of authentication.
When creating an answer to a security question, the response doesn’t have to be the exact answer. In fact, people that are signing up for online shopping, and other non-sensitive online accounts, should consider providing alternative answers. Doing so creates a strong security answer because it would be nearly impossible for anyone to research or guess. For example, if “What is my mother’s maiden name?” was selected as a security question, using an alternative like their mother’s nickname or some other name doesn’t give away a very valuable component of your security question. The answer should be stored in a password manager or on a piece of paper that is securely locked away.
With that said, creating alternative answers to security questions should only apply when someone is creating an account for a business or institution that doesn’t require highly sensitive information to verify their identity. If someone was creating security questions and answers for an account with a credit union, lending institution or medical provider that uses that information to authenticate the user’s identity, they would want to provide accurate answers.
Some other tips to keep in mind while trying to pick strong security questions include:
• Select a security question that cannot be guessed or researched over the internet, social media profiles, etc.
• Select a security question that will not have to be changed over time.
• Select a security question that is easy to answer, but not obvious to others or easily researched.
• Select a security question with a precise answer that does not create confusion.
Users should make sure they are selecting strong security questions that will keep them safe. They should not be afraid to use alternatives for the answer if it will protect identity credentials. People should also make sure their answers are as strong as their passwords. People can do their part to protect themselves by using things they don’t like instead of do like. Take a different view of how all your accounts are set up, because think about people who know you, could they come up with your password. Something to think about.