Security Questions: Secure or Insecure

September 16, 2016 at 4:30 PM


We are always reminded to create secure passwords to protect our accounts and most of the time we think passwords cannot be hacked. But, for all the time we spend worrying about our passwords, there’s a backdoor we never think about. So, are security questions really secure, reliable and trustworthy? Let’s find out.

When setting up anything from email accounts to bank accounts, we are often asked to set up a security question. Invariably, we will be provided with a list of suggested questions, such as ‘What was the name of your first pet?’ or ‘What high school did my mother attend?’ Some applications allow you to create your own personalised question, but many websites force you to choose their own. They also force you to set up multiple security questions and answers, which means you can’t just choose a single answer that’s easy to remember; instead, you have to remember several answers.

The Problem With Security Questions:

Security questions, also known as ‘secret questions’, are either secure or easy to remember, but rarely both. The fundamental issue with security questions is that the answers are too obvious. The answers to many security questions, like ‘What high school did you go to?’ or ‘What is your date of birth?’, are nowadays public knowledge, if anyone cares to take the time to look. Even if they are not public knowledge, people tend to discuss such details in normal conversations with colleagues and friends.

A new in-depth study from Google reveals that the security questions most individuals use as an additional layer of security are often less secure and easier to guess than user-chosen passwords. If you have never reset an account’s password, you may never have to deal with your own security questions and may forget about them. You’re often able to click a link that helps you recover a forgotten password, and if you answer the security question correctly, you’re given access to that account. As a result, you can easily bypass your password. Your account is no longer as secure as your password is; it’s only as secure as your most obvious personal details. Not every service will reset your account and give someone else access just because they know the answer to your security question, but some will. Other services use security questions as part of an authentication process that may require additional personal information.

Choosing and Answering Security Questions:

Just remember, choose something that would be difficult for other people to find out or guess. For example, if you are given the option to write your own security question, make it something only you would know the answer to. Also, keep in mind that you don’t have to answer the questions accurately. For example, if the question is ‘What city were you married in?’ and you have lived in Tauranga your entire life, you probably don’t want to enter the obvious answer. Your answer could be an alternative such as ‘On the Moon’. It doesn’t really matter, as long as you remember the answer.

Security questions are insecure, but even if you’re forced to use them or forced to use an insecure question, you’re never forced to provide a correct answer. Whatever you do, just make sure you are not opening a backdoor to an attacker who could use it to bypass your password.

Below are some examples of security questions you might recognise when creating accounts:

If you have further concerns about any other IT-related issues, please feel free to contact our team at McDonalds IT and we can help you.
