Geeks With Blogs
iamjames like the title says, I'm James

Security questions are a part of the internet, right up there with logins and passwords. No one thought much about them until Sarah Palin's Yahoo account was hacked because her security question was something stupidly easy to find online: "Where did you meet your spouse?" (UPDATE: which is apparently still being used as a security question)

So now security questions have been given the attention they deserve, but I still see supposedly knowledgeable websites (I'm looking at you, goodsecurityquestions.com) suggesting really poor security questions.

I hate the idea of people googling "good security questions" and being offered poor questions like "What is your oldest sibling's birthday month? (e.g., January)" (bet I can guess it in twelve guesses or less!) or "Where does your nearest sibling live?" (gee, hope you two aren't friends on each other's Facebook or MySpace, because it would only take a minute to find the answer). So I've decided to post actual good security questions and why they're good questions.

A good security question will have the following characteristics:
1.  Easy to remember, even 5 or 10 years from now
2.  At least thousands of possible answers
3.  Not a question you would answer on Facebook, MySpace, in a "Fun Questions to Ask" survey, or in an article or interview
4.  Simple one or two word answer
5.  Never changes

Things to avoid:
1.  Favorite foods, colors, etc:  these change over time
2.  Vehicle make and model:  there are only so many types of cars, trucks, etc.  Most people could rattle off the popular makes and models of an era rather easily
3.  Birthdays:  birthdays are poor because they're easy to find online, even those of siblings or parents, since most social networking sites will send out alerts to everyone when birthdays are approaching
4.  What is a family member's name or birthday:  again, if they're family there's a good chance they're your friend on a social networking site, so this info would be easy to find
5.  School name, location, etc:  it is usually easy for someone to find out the area where a person lives or grew up, and there are usually only so many schools in an area
6.  First job location, name, etc:  again, it's usually easy to find out where someone grew up, there's a limited number of popular first jobs, and this is a question you might answer in a "Fun Questions to Ask Friends" survey
7.  What is the color of....:  poor question because there are only so many colors of vehicles, hair, etc.  Even if you got very specific, like "desert sand mica", friends and family would still know the color, and there might even be photos of your vehicle on your Facebook, MySpace, etc
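
The answer-space criteria above can be checked when a user enrolls an answer. The following Python sketch is an added example, not part of the original post: it flags answers that fall into the small, enumerable domains the lists describe. The 1000-answer threshold, the colour list and all function names are assumptions made for illustration.

```python
import re

# Answer domains the post warns about. The sizes for month, month+year and
# left/right follow the post; COLORS is a constructed sample, not exhaustive.
MONTHS = ("january february march april may june july august "
          "september october november december").split()
COLORS = ("red orange yellow green blue purple pink brown "
          "black white gray grey silver").split()
# Answers the post calls too obvious even for its suggested questions.
OBVIOUS = {"home", "school", "work", "cop", "doctor", "firefighter",
           "superman", "mom", "dad", "brother", "sister"}
MIN_ANSWER_SPACE = 1000  # assumption: lower bound for "at least thousands"
YEAR_SPAN = 20           # the post's 20-year window for a birth year


def words_of(answer):
    """Lower-case the answer and split it into alphanumeric words."""
    return re.sub(r"[^a-z0-9 ]", " ", answer.lower()).split()


def estimate_answer_space(answer):
    """Return (size, reason) for a recognised small domain, else (None, "")."""
    words = words_of(answer)
    core = [w for w in words if w != "my"]  # "my dad" counts as "dad"
    if not words:
        return 0, "empty answer"
    if words in (["left"], ["right"]):
        return 2, "left/right"
    if len(words) == 1 and words[0] in MONTHS:
        return len(MONTHS), "month"
    if (len(words) == 2 and words[0] in MONTHS
            and re.fullmatch(r"(19|20)\d\d", words[1])):
        return len(MONTHS) * YEAR_SPAN, "month and year"
    if len(words) == 1 and words[0] in COLORS:
        return len(COLORS), "colour"
    if core and all(w in OBVIOUS for w in core):
        return len(OBVIOUS), "obvious answer"
    return None, ""


def check_answer(answer):
    """Return a list of problems; an empty list means no check fired."""
    problems = []
    if len(words_of(answer)) > 2:
        problems.append("more than two words")
    size, reason = estimate_answer_space(answer)
    if size is not None and size < MIN_ANSWER_SPACE:
        problems.append(f"{reason}: about {size} possible answers")
    return problems
```

An empty result only means the answer is not in one of these small domains; it says nothing about whether the answer can be found on a social networking profile.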

So here's a list of questions I've come up with and why they are good questions:
What was the last name of your third grade teacher? It's unlikely that you answered this anywhere, teachers change over time, and most schools will have multiple teachers for each grade.
What was the name of the boy/girl you had your second kiss with? First kiss seemed too obvious, and it's unlikely you went into great detail online about your second kiss.
Where were you when you had your first alcoholic drink (or cigarette)? Again, unless you're a teenager and you posted online how excited you were for your first beer, it's unlikely you answered this anywhere. Use a specific location and avoid answers like home, school or work.
What was the name of your second dog/cat/goldfish/etc? First pet's name is too obvious, but only use this if your second pet isn't your current pet.
Where were you when you had your first kiss? Great question: even if you talked about having your first kiss online, it's unlikely you went into great detail about where you were. Just make sure the answer is short and not obvious like "homecoming dance" or the name of your high school.
When you were young, what did you want to be when you grew up? Only use this if the answer is not cop, doctor, firefighter or another very obvious answer.
Where were you when you first heard about 9/11? A little morbid, but most of us are probably not likely to forget the answer. Use a specific location and avoid answers like home, school, or work.
Where were you New Year's 2000? Since MySpace and Facebook didn't exist in 2000 it's unlikely this is posted anywhere (unless you're a famous celebrity), but only pick this if the answer is not "at my parents' house" and you were alive in 2000.
What's John's (or other friend/family member) middle name? Since most people will not know who "John" is, this would make a great question. You can also use their info for hard-to-guess security questions like "What was the name of John's first dog?"
Who was your childhood hero? Since a childhood hero could be anyone, this could be a good question as long as the answer is not superman, my dad/mom or my brother/sister.
What is the first name of the person who has the middle name of Herbert? Tough question to answer. It is very unlikely you posted this anywhere, and since most people do not have their full names online this would make a great security question.



Here are some questions that seem like they're good but really aren't. I found all of these security questions online labeled as "good" security questions.

What was your childhood nickname? Very likely your friends and family know this, and you might have answered this in a "Fun Questions to Ask" survey.
What is your oldest sibling's birthday month and year (e.g., January 1900)? Even if someone just guessed, there are only about 240 possible answers (20 years * 12 months a year), and if your oldest sibling is your friend on Facebook or MySpace this answer is very easy to find.
What is your oldest cousin's first and last name? If you're using this as a security question you're probably friends with your oldest cousin on Facebook or MySpace.
What is the first name of the boy or girl that you first kissed? You might have answered this in a "Fun Questions to Ask" survey, and your spouse and exes probably know the answer to this.
What is your youngest brother's birthday? Again, if you're using this as a security question you're probably friends with your youngest brother on Facebook or MySpace.
What was the name of your elementary / primary school? It is usually easy for someone to find out the area where a person lives or grew up, and there are usually only so many schools in an area.
What is the name of your grandmother's dog? This is a poor question for many reasons. First, you might have talked about this online ("went to grandma's and played with her dog Rex"). Second, which grandmother? Third, what if the dog dies and she gets another one? Fourth, all of your family would know the answer.
What are the last 5 digits of your driver's license number? I don't even know the answer to that, and if you someday move to another state it's very likely to change.
On which wrist do you wear your watch? This is so outrageously poor that it is laughable, and I can't believe someone actually thought this was a good security question. How many possible answers are there? The scary thing is the person posting this then linked to goodsecurityquestions.com, which makes me wonder if they either got the question from there at some point or own the website.
   



Well there you have it, if anyone uses any of these suggestions please let me know.

Posted on Wednesday, September 23, 2009 10:28 AM


Comments on this post: How to pick a REALLY good security question

# re: How to pick a REALLY good security question
For the driver's license one, it gets worse...

In Ontario, Canada, the last 6 digits of your driver's license are Y-YMMDD of your birthday. If a person sees "Ontario" as your location and you put that in as a security question, you're screwed.
Left by NerdOfAllTrades on Sep 24, 2009 11:25 AM

# re: How to pick a REALLY good security question
Good list. The US Army just made a set of questions you had to pick and answer in order to login and get your email. Almost every one of them was what is your favorite ... They provided stock answers. For example What is your dream car? Stock answers included Ferrari, Lamborghini and Aston Martin. Who would pick pickup truck or beater as an answer?

Maybe you could teach them a thing or two.
Left by Bruce on Sep 24, 2009 12:30 PM

# re: How to pick a REALLY good security question
Miserable list - and you must be the schmoo making my life miserable - for whatever reason, I can barely remember ANYTHING before college, I don't give a rat's ass about sports or movies, and can't reliably answer ANY of your questions - the whole POINT is that asking more and more obscure questions to make things "secure" just makes the answers more and more obscure and hard to come up with. Utterly the wrong approach to security.
Left by Tracy Hall on Sep 24, 2009 1:49 PM

# re: How to pick a REALLY good security question
MAKE UP YOUR OWN LOOKUP TABLE AND USE KEYPASS:
Q1:LOOKUP1....A1:1GH$^%J6HE&DJEH23
Q2:LOOKUP2....A2:3JEISJ&#&KDJHFEJFD9
ETC.
Left by NOBODY on Sep 24, 2009 2:24 PM

# re: How to pick a REALLY good security question
Q: What was your first pets name?
A: nowegmp
Left by Matthew on Sep 24, 2009 3:16 PM

# re: How to pick a REALLY good security question
So what is wrong with password remembers like passwordsafe or other tools?
I normally type in garbage into these fields.
Left by Daniel Graversen on Sep 30, 2009 3:23 AM

# re: How to pick a REALLY good security question
The problem with typing in garbage, for me, is that some of these places will ask you the same question on the phone for verification that they ask online. I may be able to look it up on my computer, but sometimes I'm going to be calling for service (or a lost/stolen card) and need to know the answer to the question without access to a computer.

The place I'm thinking of uses "what is your best friend's last name"...which is just ridiculously bad when you consider Facebook.
Left by TsuKata on May 24, 2010 9:50 AM

# re: How to pick a REALLY good security question
Many states have algorithms that generate a driver's license number based on a name and birthday (Washington state, for example: http://www.highprogrammer.com/alan/numbers/dl_us_wa.html) Yet another reason any security question based on a driver's license number is a bad one!
Left by Ryan Mitchell on May 26, 2010 6:05 PM

# re: How to pick a REALLY good security question
Fantastic post and this was the great article i hope that this website continue to post such thing that will provide the solution to needy person.
Left by military school on Oct 28, 2010 6:47 AM

# re: How to pick a REALLY good security question
It's a really nice security question list. But what if I gave some answer & forgot that? Please suggest some idea for this.
Left by Internet Advertising Agencies on Nov 10, 2010 10:52 PM

# re: How to pick a REALLY good security question
Thanks for sharing such a great article.
Left by emi shield on Nov 18, 2010 11:27 PM

# re: How to pick a REALLY good security question
Really an wonderful article to read keep posting.
Left by adult sex store on Nov 22, 2010 5:26 AM

# re: How to pick a REALLY good security question
I would bookmarked this website to read further information.
Left by mumbai seo on Nov 23, 2010 6:33 AM

# Mrs
Very well written article on the security question its detailed characteristic things to avoid.
Left by alopecia medicine on Nov 29, 2010 3:08 AM

# re: How to pick a REALLY good security question
I liked the part on how to avoid things concerning Security questions.
Left by green cookware on Nov 30, 2010 11:50 PM

# re: How to pick a REALLY good security question
And unless correctly to base safety on the data which it is possible to learn without contact to the owner? I think that was not present
Left by Discount Cigarettes on Dec 08, 2010 12:06 AM

# re: How to pick a REALLY good security question
On which wrist do you wear your watch? It seems to me a nice question if the answer is something totally unrelated. BTW, I have numbers in PIN code format written on my credit cards in poor writing. At least a thief can waste a few trials.
Left by happy_hedgehog on Dec 09, 2010 8:13 AM

# Mrs
Pretty good post. I just stumbled upon your blog and wanted to say that I have really enjoyed reading your blog posts. Any way I'll be subscribing to your feed and I hope you post again soon.
Left by fulfillment on Dec 13, 2010 11:44 PM

# re: How to pick a REALLY good security question
Nice blog! Is your theme custom made or did you download it from somewhere? A theme like yours with a few simple adjustments would really make my blog stand out. Please let me know where you got your theme. Cheers
Left by Soigner Hemorroides on Dec 16, 2010 12:01 PM

# re: How to pick a REALLY good security question
Excellent site you have here but I was wondering if you knew of any community forums that cover the same topics discussed in this article? I'd really love to be a part of group where I can get feedback from other experienced people that share the same interest. If you have any suggestions, please let me know. Thanks!
Left by Comment Tomber Enceinte on Dec 16, 2010 12:36 PM

# re: How to pick a REALLY good security question
Pretty good list, nice article! Thank you for this post.
Left by plancher chauffant on Dec 26, 2010 9:04 AM

# re: How to pick a REALLY good security question
I appreciate your idea here. Definitely it has a good content. Thank you for imparting more of your own thoughts
Left by motorcyclelawyercalifornia on Dec 27, 2010 5:06 AM

# re: How to pick a REALLY good security question
Sometimes you don't have a choice when choosing a security question. They just give you 4 pre-made questions and you can't change them.
Left by Hydrolyze on Jan 26, 2011 10:32 PM

# re: How to pick a REALLY good security question
Since mostly you are stuck with the lame questions, just lie. You can use something like nikon@99 for best friend or pet's name. Just make sure it's something that is easy for you to remember.
Left by bogie on Feb 04, 2011 2:38 AM

# re: How to pick a REALLY good security question
Some VERY good tips and options here. @Tracy Hall - I'm the same: I can't seem to remember anything before college. However, the following security question is my one exception:

"What's my favorite third grade song?" works for me. Through trial and error, I realized I needed a question with an answer that is tied to something very memorable in my past, unchangeable, AND unknown to/unasked by others.
Left by MurphysDaze on May 26, 2011 11:48 PM

# re: How to pick a REALLY good security question
The one with the third grade teacher is really poor - at least all your classmates from third grade and probably a lot of your friends will know...
Left by Dude on Jun 06, 2011 11:45 AM

# re: How to pick a REALLY good security question
The coolest thing about the work behind this release went into rethinking the building of debs. The "deb source file" one uses to produce DEB packages is very hardwired to use the name of the software in both filenames (37 files) and file contents (78 times). So for instance what was done to produce MariaDB debs was essentially to take the deb-src package for MySQL and just rename all package names and dependencies from mysql to mariadb. So to produce mepsql you rename all those places again,DJ point
Left by mehree on Jul 29, 2011 12:19 PM

# re: How to pick a REALLY good security question
The best question/answer is one that doesn't make any sense. You pick a random word...say...aardvark...and then from now on, no matter what the question asked is, answer is always aardvark. What's your mother's maiden name? aardvark What street did you live on when you were a kid? aardvark What was your first pet's name? aardvark

It works.
Left by JW on Oct 07, 2011 6:06 PM

# re: How to pick a REALLY good security question
Just a note, "Which wrist do you wear your watch?" DID come from goodsecurityquestions.com... from their list of questions not to use!
Left by CO on Nov 23, 2011 10:16 PM

# # re: How to pick a REALLY good security question 11/23/2011 10:16 PM CO
goodsecurityquestions.com has read my article and has updated their questions, but when I wrote this in 2009 they used to recommend people use "Which wrist do you wear your watch?" as a "good" security question
Left by iamjames on May 23, 2012 5:44 PM

# re: How to pick a REALLY good security question
I pick answers that have nothing to do with the question. The answer to "what is your favorite color" is actually the answer to "what is the last name of your first girlfriend", or something like that. It's highly unlikely someone will guess my favorite color to be "Jackson". I do have to keep a list, but not of the answers, just of what the actual question is for each security question I've used.
Left by Sparky on Jul 26, 2012 10:49 AM

# re: How to pick a REALLY good security question
Why do you allow your blog comments to be overrun with spam? geekswithblogs should set a better example....
Left by Einstein on Jul 28, 2012 6:11 PM

# re: How to pick a REALLY good security question
I know... I clicked the wrong button and approved all comments, never went back and removed them. I removed some today
Left by iamjames on Jul 28, 2012 6:28 PM



Copyright © iamjames | Powered by: GeeksWithBlogs.net