How to choose great answers to security questions

Last Updated On October 12, 2018

Many online services require users to set up answers to security questions as an extra layer of account protection. However, it is common for individuals to answer the questions truthfully, which could actually increase the chances of a successful account compromise. For example, just because your favorite color is red doesn’t mean you should put red.

When choosing an answer to security questions, the first thing that should come to mind is the safety of your account. A great habit to develop is creating answers to your security questions that don’t actually make sense to anyone but you. If someone guesses your password, the chances of them guessing “My car is lime green!” as an answer to the question “What year did you buy your first car?” are much lower. Another great example could be the answer “German Shepherd and Labrador” to the question “What kind of dog was your first dog?” Again, this is not answering the question directly, but putting your own twist on it, thereby reducing the chances of a successful account compromise.

While developing these specific habits can increase your account’s protection against attackers, there are many more out there. Some of these include:

  • Including numbers and/or symbols at the end of your answer
  • Converting certain numbers and letters into their alphanumeric opposite (e.g. replacing “o” with “0”, replacing “4” with “A”)
  • Repeating the answer multiple times (e.g. “RedRedRed”)

Your security answer should be similar to a password: easy to remember, but hard to guess.
