Security questions are an alternative way of identifying your consumers when they have forgotten their password, entered the wrong credentials too many times or tried to log in from an unfamiliar device or location.
How do you create a good security question? We have come up with some tips and tricks that will help you create the best ones.
- If a question is too hard to answer, it can end up wasting your consumer’s time—and ultimately, it may keep them locked out of their account.
- If the answer is too quickly researched or there are too few possible answers, it can be easy for an attacker to gain access by guessing correctly.
- If the answer is a favourite food or colour, it can change over time.
- If the answer is a birthday, it is one of the easiest codes for hackers to crack.
- If the answer is a school name or location, such information is easily available to attackers.
According to the Good Security Questions website, a good security question should meet all five of the criteria below.
- Safe: Cannot be guessed or researched.
- Stable: Does not change over time.
- Memorable: Can be remembered.
- Simple: Is precise, easy, and consistent.
- Many: Has many possible answers.
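One way to put a number on the "Many" criterion and on the earlier warning about too few possible answers, as an added example that is not from the original article. The answer lists, the second question, the three-attempt lockout and the 5% threshold are all constructed assumptions.

```python
import math
from collections import Counter

# Constructed sample answers (not real user data), 100 per question.
SAMPLE_ANSWERS = {
    "What is your favourite colour?":
        ["Blue"] * 20 + ["blue "] * 20 + ["Red"] * 25 + ["green"] * 15
        + ["purple"] * 10 + ["black"] * 10,
    # Hypothetical question whose 100 users all answered differently.
    "placeholder question with varied answers":
        [f"answer-{i}" for i in range(100)],
}

def normalize(answer):
    """Fold case and whitespace so 'Blue' and 'blue ' count as one answer."""
    return " ".join(answer.lower().split())

def guess_success_rate(answers, attempts):
    """Share of accounts opened by trying only the `attempts` most common
    answers, i.e. what guessing achieves before a lockout triggers."""
    counts = Counter(normalize(a) for a in answers)
    hits = sum(n for _, n in counts.most_common(attempts))
    return hits / len(answers)

def min_entropy_bits(answers):
    """Bits of protection against the single most likely guess."""
    counts = Counter(normalize(a) for a in answers)
    return -math.log2(counts.most_common(1)[0][1] / len(answers))

def audit(questions, attempts=3, max_rate=0.05):
    """Return the questions whose guess success rate exceeds max_rate."""
    rates = {q: guess_success_rate(a, attempts) for q, a in questions.items()}
    return {q: r for q, r in rates.items() if r > max_rate}

if __name__ == "__main__":
    for question, answers in SAMPLE_ANSWERS.items():
        print(f"{question}: {guess_success_rate(answers, 3):.0%} guessed in "
              f"3 tries, {min_entropy_bits(answers):.2f} bits min-entropy")
    print("Rejected:", list(audit(SAMPLE_ANSWERS)))
```

What matters is how the answers are distributed, not how many answers exist in theory: five colours with a popular favourite fall to three guesses for most accounts.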
By their very nature, even so-called good security questions are vulnerable to hackers because they aren’t random. Users are meant to answer them in a memorable way. And those answers could be obtained through phishing, social engineering, or research.
Many social media memes tap into the answers to common security questions, such as the name of your first dog/cat or the street you grew up on. So by innocently posting your superhero name or rapper name on Facebook, you’re inadvertently sharing important personal information.
Multi-factor authentication is a much more robust and secure method of consumer authentication that relies on two or more ways of verifying the consumer’s identity.
By following these simple rules, you minimize the risk of hackers forcing their way into your accounts. Lengthy alphanumeric passwords with special and non-repeating characters are much more difficult for an attacker to guess. It also takes them significantly longer to gain access.