When signing up for an online account, it is common practice to choose security questions and answers in case you forget your password. Your security is only as good as your weakest link: if you pick a really strong password but pick a security question and answer that are readily discoverable on the Internet, your account is not secure.
There are two different approaches to this, of which I recommend the latter.
Choose Questions Whose Answers Can't Be Found on Social Media
If you're going to answer these questions correctly, don't choose questions whose answers people can find by searching the Internet. For example, don't pick the mother's maiden name question if you're friends with your mother on Facebook. Don't pick your favorite food or first car questions if you have mentioned them before on social media.
Furthermore, if you pick one of these questions and answer it truthfully, don't mention the answer in the future on social media or elsewhere on the Internet. Don't take those fun surveys about your favorite life moments or the like.
Choose Any Question You Want and Make Up an Answer
This is the more secure option, which I've mentioned before. Make up these answers.
One way is to answer the question somewhat truthfully. For example, if you pick "who is your favorite teacher?" you could answer it with someone who isn't quite a teacher, but is pretty close. However, you have to make sure to remember your answer.
The most secure way is to just use a passphrase (not password) generator and save the result in your password database. You could just use a password generator, but the problem is that if you're ever asked that security question over the phone, it'll be annoying to spell out your password. By using a passphrase generator to string together 4+ random words, you'll have a phrase that is both hard to brute force and easy to convey over the phone.
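A sketch of such a passphrase generator, added here as an example and not taken from the original post or any particular tool. The word list is a constructed 32-word sample, and the names `generate_answer`, `clean_wordlist`, `entropy_bits` and the `min_bits` parameter are assumptions made for illustration.

```python
import math
import secrets

# Constructed 32-word sample list so the example runs offline. It is far too
# small for real use: load a large published list (for example the EFF long
# wordlist, 7,776 words) and pass it in instead.
SAMPLE_WORDS = """
apple river candle window garden pencil rocket butter
planet violin marble tunnel ladder pocket silver breeze
cactus harbor jungle kettle lantern meadow nickel orchid
pebble quartz ribbon saddle thistle walnut yellow zipper
""".split()


def clean_wordlist(words):
    """Lowercase and de-duplicate; keep only alphabetic words of 3+ letters,
    which are easier to read aloud than symbols or fragments."""
    unique = {w.strip().lower() for w in words}
    return sorted(w for w in unique if w.isalpha() and len(w) >= 3)


def entropy_bits(list_size, n_words):
    """Bits of entropy when each word is drawn uniformly and independently."""
    return n_words * math.log2(list_size)


def generate_answer(words, n_words=4, min_bits=0.0):
    """Return (passphrase, entropy_bits) for use as a security answer.

    min_bits is a hypothetical policy knob added for this example; the post
    only asks for 4+ random words.
    """
    if n_words < 4:
        raise ValueError("use at least 4 words")
    pool = clean_wordlist(words)
    if len(pool) < 2:
        raise ValueError("word list is too small after cleaning")
    bits = entropy_bits(len(pool), n_words)
    if bits < min_bits:
        raise ValueError(f"{bits:.1f} bits is below the {min_bits} bit minimum")
    # secrets draws from the OS CSPRNG; random.choice is not suitable here.
    phrase = " ".join(secrets.choice(pool) for _ in range(n_words))
    return phrase, bits


if __name__ == "__main__":
    phrase, bits = generate_answer(SAMPLE_WORDS, n_words=5)
    print(f"{phrase}  ({bits:.0f} bits with this tiny sample list)")
```

With a 7,776-word list, four words give about 51.7 bits; each extra word adds roughly 12.9 more.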