We all know that security questions are present for our protection – they provide an extra layer of defence to ensure the safety of our personal accounts and sensitive data.
However, as requests to set up these security questions become more common in a bid to make us safer online, they could be having the reverse effect.
How Security Questions Are Leaving You More at Risk
Whether you’re setting up an online banking account or enhancing your email security, it is now likely you will be asked to choose multiple security questions. These can be used as an alternative method of logging in to your account if you have forgotten your credentials, or answers can be requested if there are multiple failed login attempts.
The issue derives from the fact that each site uses the same list of possible questions, meaning if you know the answer to a person’s security question on one site, you’ll likely know it for many more accounts. But how would anyone learn the answer to your security question in the first place?
Well, the subjects of security questions are things you are likely to never forget. However, these answers are also readily available to anyone who does a little digging. For example, common security questions include:
● What is your mother’s maiden name?
● What was the name of the first street you lived on?
● What was the name of your primary school?
● In what year was your father born?
In 2015, data held by the US Government’s Internal Revenue Service was hacked and more than 700,000 households were compromised. This was partially because the criminals were able to guess people’s security questions using personal information they had previously stolen or found online.
What’s the Solution to Insecure Security Questions?
To avoid predictability and reduce the chances of becoming a victim of a successful hack, you could lie when answering security questions. Of course, you would need to remember your fake answer should you ever need to successfully answer these questions yourself.
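The sketch below is an added example, not code from the original article. It generates a different random fake answer for each site and question, keeps it in a hypothetical `AnswerVault` (a stand-in for a password manager, so nothing has to be memorised), and checks a set of answers for reuse across sites. The site names and sample answers are constructed.

```python
import base64
import secrets
from collections import defaultdict

def normalise(question):
    """Collapse case and whitespace so the same question matches across sites."""
    return " ".join(question.lower().split())

def random_answer(n_bytes=10):
    """Return an unguessable answer, grouped in fours so it can be read aloud."""
    text = base64.b32encode(secrets.token_bytes(n_bytes)).decode().lower().rstrip("=")
    return "-".join(text[i:i + 4] for i in range(0, len(text), 4))

class AnswerVault:
    """Hypothetical stand-in for the password manager that stores the answers."""
    def __init__(self):
        self.entries = {}  # (site, question) -> answer

    def answer_for(self, site, question):
        key = (site.lower(), normalise(question))
        if key not in self.entries:
            self.entries[key] = random_answer()  # generated once, then reused
        return self.entries[key]

def reused_answers(entries):
    """Map each (question, answer) used on more than one site to those sites."""
    sites = defaultdict(set)
    for (site, question), answer in entries.items():
        sites[(question, answer.lower())].add(site)
    return {k: sorted(v) for k, v in sites.items() if len(v) > 1}

# Constructed sample: the same truthful answer given to two sites.
QUESTION = "What is your mother's maiden name?"
truthful = {("bank.example", normalise(QUESTION)): "Smith",
            ("mail.example", normalise(QUESTION)): "smith"}

def demo():
    """Return (reuse found in truthful answers, reuse found in vault answers)."""
    vault = AnswerVault()
    for site in ("bank.example", "mail.example"):
        vault.answer_for(site, QUESTION)
    return reused_answers(truthful), reused_answers(vault.entries)

if __name__ == "__main__":
    print(demo())
```
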
If you’d like to ensure secure file transfers, then two-factor authentication (2FA) could offer an extra layer of protection, negating the need for answering questions. 2FA will verify your identity using a second factor, such as your office phone or mobile, and ensure unauthorised login attempts are thwarted even if the hacker knows your password.