It is more important than ever that consumers use strong security questions with strong security answers on their online accounts. With most people home due to the COVID-19 pandemic, more consumers are required to shop online to do their food and household purchasing. That means a lot of online accounts have been and will continue to be created. One common step in creating an online account is picking a security question in case the creator of the account cannot remember their password. It is meant to be another layer of security for the authentication process.
While this alternative way of identifying customers can be very useful, it could also put more personal information at risk of compromise should the company fall victim to a data breach. For example, if someone selected “What are the last four digits of your Social Security number?” as their security question and provided that credential as the answer and the company’s online user database was breached, hackers could have that piece of personal information to use to flesh out more details of the person’s identity credentials.
However, there are things people can do to keep themselves safe while using strong security questions as another form of authentication.
When creating an answer to a security question, the response doesn’t have to be the exact answer. In fact, the Identity Theft Resource Center would encourage people that are signing up for online shopping, and other non-sensitive online accounts, to provide alternative answers. Doing so creates a strong security answer because it would be nearly impossible for anyone to research or guess. For example, if “What is my mother’s maiden name?” was selected as a security question, using an alternative like their mother’s nickname or some other name doesn’t give away a very valuable component of your security question. The answer should be stored in a password manager or on a piece of paper that is securely locked away.
With that said, creating alternative answers to security questions should only apply when someone is creating an account for a business or institution that doesn’t require highly sensitive information to verify their identity. If someone was creating security questions and answers for an account with a bank, lending institution or medical provider that uses that information to authenticate the user’s identity, they would want to provide accurate answers because the answers could be used to verify identity.
Some other tips to keep in mind while trying to pick strong security questions include:
- Select a security question that cannot be guessed or researched over the internet, social media profiles, etc.
- Select a security question that will not have to be changed over time
- Select a security question that is easy to answer, but not obvious to others or easily researched
- Select a security question with a precise answer that does not create confusion
Users should make sure they are selecting strong security questions that will keep them safe. They should not be afraid to use alternatives for the answer if it will protect identity credentials. People should also make sure their answers are as strong as their passwords. People can do their part to protect themselves and shop online for all the things they need to get through the COVID-19 pandemic, and beyond.
For more information about protecting your online accounts, contact the Identity Theft Resource Center to live chat with an expert advisor or call toll-free at 888.400.5530.
You might also like…