In our article about social engineering, we showed you some of the reasons why security questions aren’t always the greatest last line of defence.
However, with countless major sites still keeping them as an important part of their account verification process, it looks like they might be with us for a while yet.
This week, we’re looking at some of the steps you should be taking with your secret questions to keep socially-savvy hackers out of your accounts. Knowing these simple tricks can help you turn an otherwise vulnerable security step into a daunting prospect for crooks.
-
Feel free to lie.
Questionable ethics aside, the fibbers amongst us are probably crafting better answers for our security questions. Have a dog called Alexander the Great, an uncle named Yoda, and was Steven Seagal your best friend in kindergarten? (Hint: you two go way back.)
Choosing a fictitious answer to your security question is one way to throw attackers off your trail: the answer is no longer something that can be looked up in your social media profiles or in public records. A word of warning, though: lies are hard to remember, especially across multiple accounts. Pick a fake answer that will stick in your memory but that nobody who knows you could guess, and don’t reuse the same lie from site to site.
-
Get creative!
Try shifting the letters in your answer, for example one key to the right on your keyboard. You can also invent your own letter-to-symbol conversion table, or make an anagram. Your grandmother Greta could become Htrys, your dog Rover could morph into 6&%@5, and your place of birth could go from Sydney to Dysney. Your options are limitless.
A good rule of thumb is to use a different formula for each site and to keep a safe record of your answers for when you need them in the future. Bear in mind that a transformation only adds as much protection as the formula itself is secret: a keyboard shift, a reversal or an anagram applied to an answer an attacker can guess is just a handful of extra guesses, so the real gain comes from a formula nobody else uses.
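To see why the formula rather than the creativity is what protects you, here is an added example (written for this article, not code from any site or tool it mentions) that plays the attacker’s side. It takes a constructed list of common answers, applies the publicly known transformations (identity, the one-key-right QWERTY shift from the Greta example, leetspeak and reversal) plus an anagram check, and recovers the plain answer behind a “creative” one. The wordlist and the leetspeak table are assumptions made for the example.

```python
"""Attacker's view of "creative" security answers (added example).

COMMON_ANSWERS is a constructed stand-in for the much longer lists of
popular pet names, places and surnames that attackers actually use.
"""
import math

# US QWERTY rows, for the page's "shift every letter one key to the right".
QWERTY_ROWS = ("qwertyuiop[]", "asdfghjkl;'", "zxcvbnm,./")

# Widely known letter-to-symbol swaps (leetspeak); this table is assumed.
# A private table is only as secret as the number of sites it is reused on.
LEET = str.maketrans("aeiost", "43105+")

# Constructed sample of answers an attacker would try first.
COMMON_ANSWERS = ["Alice", "Greta", "Rover", "Sydney", "London", "Smith"]


def qwerty_shift_right(text: str) -> str:
    """Replace each character with its right-hand neighbour on a US QWERTY
    keyboard.  The last key of a row and anything not on the rows stay as
    they are (this reproduces the page's Greta -> Htrys example)."""
    table = {}
    for row in QWERTY_ROWS:
        for left, right in zip(row, row[1:]):
            table[left] = right
            table[left.upper()] = right.upper()
    return "".join(table.get(ch, ch) for ch in text)


def leetspeak(text: str) -> str:
    return text.translate(LEET)


def reverse(text: str) -> str:
    return text[::-1]


# Transformations an attacker can apply to every dictionary entry for free.
KNOWN_TRANSFORMS = {
    "identity": lambda s: s,
    "qwerty_shift_right": qwerty_shift_right,
    "leetspeak": leetspeak,
    "reverse": reverse,
}


def is_anagram(a: str, b: str) -> bool:
    return sorted(a.lower()) == sorted(b.lower())


def recover(observed: str, candidates=COMMON_ANSWERS):
    """Return (plain_answer, transform_name) when `observed` is a known
    transform or an anagram of a candidate answer, otherwise None."""
    for plain in candidates:
        for name, transform in KNOWN_TRANSFORMS.items():
            if transform(plain) == observed:
                return plain, name
        if is_anagram(plain, observed):
            return plain, "anagram"
    return None


def attacker_work_bits(candidates=COMMON_ANSWERS) -> float:
    """log2 of the guesses needed to cover every candidate under every known
    transform plus every anagram (bounded by len(word)! per word).  Compare
    this with the 26.6 bits of an 8-digit random answer."""
    guesses = sum(len(KNOWN_TRANSFORMS) + math.factorial(len(w))
                  for w in candidates)
    return math.log2(guesses)


if __name__ == "__main__":
    for creative in ("Htrys", "Dysney", "Sm1+h", "Zebra"):
        print(f"{creative!r:10} -> {recover(creative)}")
    print(f"attacker work: {attacker_work_bits():.1f} bits")
```

With the six-word sample the whole space of shifted, leeted, reversed and anagrammed answers is under 2,000 guesses, around 11 bits; a real attacker list is longer, but the multiplier from the transforms stays small. Only a formula the attacker has never seen (or an answer that was random to begin with) takes the answer out of that space.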
-
Start using a password manager.
If you haven’t jumped on the password manager bandwagon, there’s no time like the present. These utilities are usually free (or have a free tier) and provide a convenient, secure way to store your secret answers alongside your logins. Most can also generate random answers for you, which takes guessability out of the picture altogether.
Popular solutions include LastPass, Dashlane and 1Password, and LastPass has published a guide to creating and storing strong secret answers.
Once you’re set up, you can easily store your secret answers inside your manager, eliminating the need for writing down or remembering the answers to more complex questions.
-
Pick your questions wisely.
If a website lets you write your own question, seize the opportunity. A cryptic question such as “What is the answer?” with a long string of random digits as the answer is a highly secure choice, and effectively doubles as a second password.
Otherwise, if you’re only given a list of questions to pick from, choose the most obscure-sounding option. Avoid common conversation topics such as first pets, favourite sports, book or film titles, and the infamous ‘mother’s maiden name’: the answers are either easy to look up or drawn from a small set that an attacker can simply try one by one. Instead, opt for unusual picks such as your childhood phone number, your college room-mate, or your address in 6th grade, and even then give an answer that isn’t sitting in your public profiles.
For more ideas, take a look at Lifehacker’s coverage on choosing great security questions.
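Here is an added example (not code from this article or from any of the password managers it names) of generating the kind of answer the password manager section and the custom-question advice above recommend: a uniformly random string for the “What is the answer?” question, a word-based variant for questions you might have to read aloud to a support agent, and a function that reports how many bits of guessing each represents. The wordlist is a tiny constructed stand-in for a real one, and the length defaults are assumptions.

```python
"""Random secret answers for a password manager (added example)."""
import math
import secrets
import string

DIGITS = string.digits
ALNUM = string.ascii_letters + string.digits

# Constructed stand-in for a real diceware-style list of a few thousand words.
WORDS = ["apple", "brick", "cobalt", "dune", "ember", "fjord", "gravel",
         "harbour", "ivory", "juniper", "kettle", "lantern", "marble",
         "nectar", "orbit", "pepper"]


def random_answer(length: int = 16, alphabet: str = ALNUM) -> str:
    """Uniformly random answer from the OS CSPRNG (secrets, never random)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def spoken_answer(words=WORDS, count: int = 5, sep: str = "-") -> str:
    """Word-based answer for questions you may have to read out over the
    phone: easier to say and hear than 'x7Q9...', but it needs more
    characters for the same number of bits."""
    return sep.join(secrets.choice(words) for _ in range(count))


def entropy_bits(alphabet_size: int, picks: int) -> float:
    """Bits of entropy of `picks` independent uniform draws from an alphabet
    of `alphabet_size` symbols.  Only valid for answers generated this way;
    a real name run through a formula is worth far less."""
    return picks * math.log2(alphabet_size)


def rate(answer: str, alphabet: str = ALNUM) -> float:
    """Entropy of a character-based answer, assuming it was generated
    uniformly from `alphabet`; raises if it contains other characters."""
    if any(ch not in alphabet for ch in answer):
        raise ValueError("answer contains characters outside the alphabet")
    return entropy_bits(len(alphabet), len(answer))


if __name__ == "__main__":
    digits = random_answer(8, DIGITS)
    mixed = random_answer()
    spoken = spoken_answer()
    print(f"{digits}  {rate(digits, DIGITS):.1f} bits")
    print(f"{mixed}  {rate(mixed):.1f} bits")
    print(f"{spoken}  {entropy_bits(len(WORDS), 5):.1f} bits "
          f"(with a 7776-word list: {entropy_bits(7776, 5):.1f} bits)")
```

Eight random digits give about 26.6 bits, which is already far beyond any list of pet names; sixteen random alphanumerics give over 95 bits, and five words from a 7,776-word list give about 64.6 bits while remaining something you can read down a phone line. Whichever form you choose, the answer only stays strong if it lives in the password manager rather than in your memory.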
-
Disable them.
If you get the chance, opt out of security questions altogether. There are far better ways to verify who you are, such as two-step authentication; see our guide to what it is and how to enable it. Check your account-recovery settings as well: on many sites a security question remains a recovery path even after you have enabled two-step authentication, and that path is only as strong as the answer you gave.