How to Construct Strong Security Questions
Even though there are a lot of other ways to add extra security to your accounts across various platforms, some services still employ security questions. This article offers some tips to help you construct reliable and strong security questions.
Although it may seem very easy to just type something only you know the answer to in the question field, there are several factors you want to keep in mind when coming up with your security questions. When narrowing down the pool of ideas you have for your question, try to follow these guidelines:
- Questions whose answers are safe and personal: make sure you don't simply pick an obscure bit of trivia or a minor character in a novel - this sort of thing can be researched and Googled and is far from secure. Also try to make it a personal question whose answer nobody can guess. Finally, make sure the answer is long enough that it cannot be easily brute-forced or guessed. For example, your favorite food or your pet tarantula's name are bad picks, because the pool of possibilities is relatively narrow. On the other hand, the full name of your first teacher in primary school is a much better option.
- Questions whose answers are fixed and immutable: make sure the answer cannot change over time. This also ties in with the next point in our list - coming up with an answer that is easy to remember. Your cousin's exact address may seem like a great idea at one time, but you will be hard pressed to remember what it was two years later if your relatives have long since moved. Conversely, your aunt's full name is a better option, as it is a piece of information that is not going to change over time.
- Questions whose answers are relatively simple and easy to remember: make sure to pick questions that don't have overly convoluted answers that are long strings of words or full sentences. What may seem like a very secure, long answer may prove impossible to remember at a later point in time, when you haven't looked at your security question prompt in ages.
Make sure you also phrase your questions in a way that will help you come up with the right answer easily. If your question is simply "What was my first motorbike?" and you spell out your answer as "Husqvarna Nuda 900R", you may find it impossible to remember the 900R at the end next time you need to enter your answer.
Combining these approaches will usually help you come up with security questions that are sufficiently specific and hard to brute-force, with answers that are still easy to recall when the need arises.