Security Questions are Insecure – How to protect your accounts!
We have seen and heard about that many people have their Facebook, eBay, Bank accounts or other online account hacked. We all know that we should generate a strong and different password for different sites. We always worry about how to keep our password safe and secure, but you never think about the backdoor that may result in leaking your password to hacker. “Security Questions” are the one that can be guessed and answer easily that often pass the password.
But you must thank that many sites are realizing that security question are insecure and they are eliminating it. Microsoft and Google now no more offer security question instead they ask mobile number that is registered with your accounts.
For example – Take the Palin “Hack”
Her Yahoo mail account was hacked by the hacker. The hacker just used the “Forgot your password” link and just answers her security question. The question was “Where she met her spouse” and the answer he has provided was “Wasilla High” and that was gettable through Google search.
Problems with Security Questions
But this was not the only problem for her. When we create any account like Bank or any e-mail account, they always offer a security question to create one. The questions like “which brand car do you own first” or “what is your favorite sport”, etc. Some of the websites provide the list of suggested security question from which you can select your desired question to answer it. Some allow you to create your own security question but many websites provides the limited question to choose from and answer it that you could easily remember.
The major issue with security question is that the answers are very clear and understandable. The answers to security question like “where did you go to high school”, “When is your birthday”, etc are publicly knowledgeable, if anyone take care of it. They may even be able to get answer from internet search like from Facebook, twitter, Google, etc. Even if the answer is not public, most people share such details to in normal conversation with other.
Basics about security Questions
You do not have to deal with your own security question until and unless you forgot or opt for reset an account password. But if you forgot your password or you want to reset it then you have the option by clicking on link “Forgot your Password” and if you give the correct answer, you are given the access to that particular account. And as result your security question allow passing over your password. Hence your account is no more secure no matter how much stronger your password is.
Security question are easy to guess. For example if the question is “What is your favorite fruit?” It is very easy to guess about some common fruit names. Guessing your password may be difficult but guessing some fruit name is not as difficult. So, if your favorite fruit name is “Strawberry” and you answer the question correctly, then you will be able to get access to the account.
Though all the websites will not provide to reset account and give access to other person just because you know answer to the security questions, but may some website will. Other websites may ask other personal information and security question are just the part of authentication.
How to Select and Answer Security Questions
Take a note while selecting a security questions and answer. Select the question which would be difficult for other to guess it easily, not something like when is your birthday.
Second alternative method you can opt for where website allow you to create your own security question. You can create question like “what is your answer” or any reference that you would only know. You can then create an answer that is as secure as your question – may be you create answer like “Answer”. With an answer like this you create a second password which would be difficult for other to guess it.
Some website forces you to select security question from the list suggested by them. In such cases you can give a wrong or a lie answers to such question. For example – If question is “where you have born” as you know that you live in New York and you have born here, just don’t simply answer “New York” – because that is obvious answer, you can answer like “In Moon or Jupiter” or any other silly or lie answer that you would remember but other will find it difficult to guess.
The above tips may help you a lot but you may want to keep your security question answer safe in case if you need to provide it in future you can then use password manager to handle your security questions. It helps you in generating strong password and keeps track of it. Such programs also help you to “answer” your security question and stores you’re made up answer.
Even if you concerned about creating strong password but answering to the security question honestly can often risk the protection of your online accounts. To protect your account treat security questions like a second password. As always it is much easier if you go for password manager software which help in creating and protecting your password.