When you set up a new online account, the website or service will usually ask you to select security questions and then answer them. This is to verify your identity as a second layer of login protection. Some websites enforce a security answer upon every login, and some use it as a “forget password” feature.

However, if you answer in a straightforward and truthful manner, you expose yourself to risk. If someone gets hold of your answers, they can authenticate themselves as you without having full access to the account, and that can have devastating effects. The key is to lie or answer in a roundabout way in your security answers so that only YOU can access your accounts in the future.

Security questions are necessary protection for everything from banking information to social media accounts. It’s important you take steps to secure your security questions today.

The Case for Making Up Security Question Answers

Information such as birthdays, anniversaries, names, and favorite things can be easily researched using social media. You may think that not many people know this information, but you would be surprised how easy it is to find out, even if you haven’t personally shared it.

That’s why it’s generally recommended that you lie when setting account security questions like “what was your first car,” “what was your high school mascot,” and “what is your mother’s maiden name?”

If your website allows you to set custom security questions instead of the generic set of security questions that everyone else uses, then that’s a win. You can really set up something that won’t make sense to anyone else.

Cons of Setting Up Fake Answers to Security Questions

The biggest con is that people set up a clever security answer and then forget either the lie or the roundabout way they answered it. Then they fail a password reset challenge and either spend a lot of time with support to restore access or ultimately lose access to an important account.

How do you ensure you remember your clever security answer? Use a password manager! You have 3 main ways you can easily recall your security questions and answers:

  1. You can store separate notes securely within the password manager.
  2. You can add security questions and answers to the notes field of a login entry.
  3. Or you can create separate login entries for each fake answer.

How to Set Up Good Security Questions and Answers

If your website or service allows for custom security questions, think of facts that would uniquely apply to you. These should be facts and situations that have happened to you and that you haven’t shared anywhere with anyone.

They can be insignificant things that make you laugh or private moments representing a nice memory or milestone you have achieved. They can be lofty goals as well, so long as you haven’t shared your big dreams.

Security Questions and Answers to Avoid

Do not use any information that strangers can find out about you by researching you, your friends, your colleagues, or your family. Refrain from sharing details on social media, and make sure your privacy settings are up to snuff.

Avoid questions and answers that directly answer:

  • Your age or date of birth.
  • Your nickname.
  • Your mother’s maiden name.
  • Your best friend’s name.
  • Your first pet’s name.
  • Your school name or school mascot.
  • Your favorite color, band, food, movie, TV show, game, or hobby.
  • Your engagement or wedding anniversary dates.
  • Where you met your spouse.
  • Your first or recent job.
  • Your first or recent boss’ name.

These questions can be answered by scouring open-source media for your digital footprint:

  • Social media
  • Public record databases
  • Data aggregators
  • Alumni associations
  • Wedding registry sites
  • Professional registries or biographies

The Bottom Line

Security questions are a great way of creating another layer of authentication protection, so if an online account doesn’t enforce their use but offers to set them up, please be sure to do so for your own sake.

This ensures that no one else can access your accounts without your knowledge. But you aren’t done here. You need to set up these security questions and answers in a way that the bad guys can’t guess.

Think of the answers to these security questions like you would a regular password, and you will be in the right mindset.