| Evidence Solutions’ computer forensics and cybersecurity experts all too often see security questions that are not at all secure. Here are some tips to make your security questions and answers better! |
Social Engineering & Data Breach Expert Witness
Security Questions Increase Your Security:
It has become quite common for banks, credit card and other companies to require some security questions when using their online sites. If a password is forgotten or you sign into the site from a new location, many companies will require you to answer security questions to begin or regain access. Here are three tips help thwart attackers from gaining access to your account by guessing your security question answers.
Cyber Security is Not Your Mother’s Maiden Name
Select security questions where only you will know the answer. Too many users choose security questions with answers that are readily available from public records. Questions with answers like your zip code, mother’s maiden name and your place of birth are all-together too easily looked up. A motivated cyber hacker can easily obtain this information. Other answers, like your dog or cat’s name, can be found by reading Facebook posts. Perhaps instead of using your actual place of birth, use a place where you would have like to be born.
Computer Security Answers Are Not Guessable
Don’t use guessable answers to security questions. For instance the question “What state were you born in?” only has 50 answers. Most of the citizens of the United States still live in the state in which they were born. For questions that involve color such as “What color was your first car?” choose an answer other than a plain color. Choose “powder blue” instead of just “blue”. An alternative is to use another language. Use “azul marino” which is Spanish for “navy blue”.
Memories Can Be the Best Cyber Security!
The short generic answer to questions is also bad. Find a question that will trigger a fond memory and make the answer detailed. Choose an answer to the security question that you will remember but is also more complicated than a single generic word. For example, if the security question asks “Where were you married?” the answer shouldn’t be “Beach”. Instead, use “Riviera Beach” or “Soft Sand Beach”.
In short, your cybersecurity answers should not be guessable or researchable. They should be memorable and they should have many possible answers.
