Introduction

Ten or twenty years ago, it was common for accounts with extremely personal information on them to ask you to create a security question.

Think about your first social media account. The log-in for your current medical provider. Your profiles on government websites, like the tax man.

Before they knew how to scan your fingerprint or validate a face ID, confidential websites would ask you to answer a question only you know the answer to. Too many wrong answers will “lock down” the account and require additional verification to unlock it again.

Most Common Security Questions

These websites often let you choose which questions you want to answer. Which ones are most common to see in these scenarios?

• What is your mother’s maiden name?
• What was the name of your first pet?
• In what city were you born?
• What was the make and model of your first car?
• What high school did you attend?
• What was the name of the street you lived on as a child?  

Unfortunately, while these questions are common, they are not always the most secure. Why? Because many of these answers can be easily guessed or found through social media or public records.

The Problem with Security Questions

Security questions are generally considered less secure compared to other forms of multi-factor authentication, because the answers to security questions can often be guessed or found through social engineering or public information.

If you do set up a security question, then don’t use answers that can be found on your social media profiles or through a simple online search. AI can help hackers scour your social medias to find out family members’ names, dates of birth, addresses, school names, and pet names if you post about them online!

You still, however, need to choose memorable answers, because 40% will forget the answers to their security questions.

Giving More Unique Answers

To enhance the security of your accounts, consider choosing or answering security questions that are…

• Memorable: You should be able to recall the answer easily and consistently.
• Unique: The answer should be specific to you and not easily known by others.
• Consistent: The answer should not change over time. Factual information is better than preferences.
• Unpredictable: Avoid answers that can hackers can easily guess or find online.  

Consider using less common questions, too. Instead of the typical questions, opt for more personal or obscure details. Some security experts even suggest providing false but memorable answers. For example, if the question is “What is your favorite color?”, you might answer with a very specific shade. That makes it much harder for hackers to guess.

Overall, treat security questions and their answers like passwords. Don’t share them with anyone!

Alternative Forms of MFA

In these days, we have many different forms of secondary verification. The safest two are authentication apps and biometric authentication.

Authentication apps generate time-based, one-time passwords that are more secure. You download the app on your phone or tablet, and it will generate a series of numbers and letters for a short amount of time. That code lets you into the account. Unless threat actors have your physical device, they can’t get in.

Biometrics encompass physical characteristics that can’t be replicated. For example, your fingerprint, retina scan, face ID and voice recognition are all forms of biometric authentication.

Conclusion

While security questions remain a popular option for MFA, it’s not your only solution. Choose secure, unguessable answers when you do use this method, but you may consider branching out to biometric or authentication apps instead.

Using MFA makes your accounts up to 99% more secure. Protect your accounts by adding more security verification than just a password can provide.

The post Do Security Questions Make Good MFA? appeared first on .