Security questions are used to verify a person’s identity on password-protected networks or websites. They can be used to reset passwords and as a secondary form of identity verification. However, they are less secure than passwords and can be compromised through internet sleuthing. Users and developers should choose and word questions carefully to minimize security risks.
A security question is a question used to verify a person’s identity on a password-protected network or website. Users typically choose one of several biographical questions to answer when creating online accounts. If a user later forgets their password, they are prompted to answer this security question. If they answer correctly, the system sends them information on how to reset the password. Security questions can also be used as a secondary form of identity verification after password entry, for example when the user logs in from an unknown location.
Security questions have gained favor since the early 2000s due to what is sometimes called “password chaos”. Someone who uses the Internet for work, school, banking, personal communications, etc., may have dozens of different usernames and passwords that can easily get confused. Before the advent of security questions, the user might have to call customer service to manually reset their password. Sites that allow users to reset their passwords via a security question save money for businesses and time for users.
While security questions are a convenient way to reset a password, they’re generally considered to be much less secure than the password itself. A common security question, for example, is “What is your mother’s maiden name?” This information, while it may not be widely known, can often be found through a bit of Internet sleuthing, thus compromising the user’s account. Other information that is sometimes used in security questions could include pet names, favorite vacation spots or school information, much of which is regularly posted on social networking sites.
Because of these security risks, both users and network developers need to be careful which security questions they choose and how they answer them. A good security question should have many possible answers that a hacker probably wouldn’t be able to guess. Users should be careful not to post security question information anywhere on the Internet.
Developers should also word questions so that there is only one possible way to write the answer. For example, the answer to the question “What is your mother’s date of birth?” could be written “July 1, 1948,” “7/1/1948,” or in any number of other ways. A user who has forgotten their password is unlikely to remember how they wrote the answer, which makes this a poorly written security question. A better question would be, “What is the month and year of your mother’s birth (e.g. July 1948)?”
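The wording advice above can be backed up on the server side. The following is an added example, not part of the original article: it reduces a "month and year" answer to one canonical form before hashing, so that equivalent spellings verify and a full date is rejected. The function names, the accepted input shapes and the PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os
import re

MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]

def canonical_month_year(answer: str) -> str:
    """Reduce a month-and-year answer to 'YYYY-MM'; raise ValueError otherwise."""
    text = answer.strip().lower()
    # Accepted shapes (an assumption): "July 1948", "jul, 1948", "7/1948", "07-1948".
    m = re.fullmatch(r"([a-z]+|\d{1,2})[\s/.,-]+(\d{4})", text)
    if not m:
        raise ValueError("expected a month and a four-digit year, e.g. July 1948")
    token, year = m.group(1), m.group(2)
    if token.isdigit():
        month = int(token)
    else:
        # Month names and abbreviations of three or more letters are unambiguous.
        hits = [i + 1 for i, name in enumerate(MONTHS)
                if len(token) >= 3 and name.startswith(token)]
        month = hits[0] if len(hits) == 1 else 0
    if not 1 <= month <= 12:
        raise ValueError("unrecognised month")
    return f"{year}-{month:02d}"

def _digest(canonical: str, salt: bytes) -> bytes:
    # Salted, slow hash so the stored value is not the plain answer.
    return hashlib.pbkdf2_hmac("sha256", canonical.encode(), salt, 100_000)

def enroll(answer: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) to store for a newly chosen answer."""
    salt = os.urandom(16)
    return salt, _digest(canonical_month_year(answer), salt)

def verify(attempt: str, salt: bytes, stored: bytes) -> bool:
    """True if the attempt canonicalizes to the enrolled answer."""
    try:
        candidate = _digest(canonical_month_year(attempt), salt)
    except ValueError:
        return False
    return hmac.compare_digest(candidate, stored)

if __name__ == "__main__":
    salt, stored = enroll("July 1948")          # constructed sample answer
    for attempt in ("7/1948", "jul 1948", "July 1, 1948", "June 1948"):
        print(f"{attempt!r}: {verify(attempt, salt, stored)}")
```

Canonicalizing removes the formatting problem but does not make the answer harder to find or guess, so the reset flow still needs attempt limits.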