How secret are your secret questions?

Ncrypter
Published in Ncrypter Magazine
3 min read · Sep 13, 2017

Anytime there is a discussion about keeping your information secure and private, the subject of secure passwords comes up. Experts say not to use simple passwords like “qwerty,” “12345,” or “password”, or ones containing your name. Those might seem like very obvious things to avoid, but with passwords needed to sign into everything from social media to bank accounts, the urge to keep things as simple as possible is strong. And that’s the challenge: how do you make sure your passwords are secure enough, but also easy to remember across your multiple accounts?

You can choose to change your passwords regularly, have unique ones for each site you use, or make use of password manager apps to keep track of everything. The next concern is secret questions. How secure are your secret questions? Should businesses get rid of them or be more responsible with the questions they decide to use?

During the initial stages of setting up a new account on most websites, you may remember being asked to set these secret questions up, to increase security around your new account. There are a few that seem to be used by various companies, and they don’t tend to differ much at all: “What is the name of the elementary school you went to?”, “What is your mother’s maiden name?”, “What is the name of your first pet?”. They seem harmless, but they are not.

There are two major issues with secret questions.

  1. They are not very creative. Most companies use the same list of questions. Every once in a while there will be a company that will have the customer make up their own security questions and give their own answers. This is the best way to do security questions if they must be used at all. Having the option to create your own questions and answers ensures that if a hacker tried to access your account, they would have a hard time trying to find out the name of the first Beatles song you ever heard or the name of your first crush. Companies should ask the users to review their questions from time to time to allow them to add more secure ones instead of the initial ones.
  2. Answers for generic questions can be easily worked out. Take one of the most used questions: the user’s mother’s maiden name. This information can be found on marriage licenses and is also asked by most financial institutions on credit applications. If anyone gains access to a copy of a user’s marriage license (which is a matter of public record in some states) then they would be able to answer that question easily. Another common question, which might be even easier to answer, is what elementary school a person went to. A simple search through Facebook profiles might provide answers to that one.

It’s quite scary what information about an individual can be found on the internet, either through social media profiles or public records. Having companies show more variety in the questions or allow customers to create their own secret questions would make things more secure.

Until that happens, there are a couple of things you can do to keep your information more secure:

  • Give made-up answers. For instance, answer the school question with a fictitious school like Hogwarts. List Lady Gaga as your mother’s maiden name. Just remember what answers you gave, and don’t reveal them to anyone.
  • Activate two-factor authentication whenever possible. Securing your information is important, and it goes well beyond just having a strong password.
