Use Fake Answers To Online Security Questions

Image credit: Christiaan Colen/Flickr

The sign-up processes for online banking accounts, new email addresses, or health insurance apps all involve a few extra security measures to protect the precious data inside those accounts. Unfortunately, the security questions they make you answer aren’t exactly secure. Your mother’s maiden name just won’t cut it anymore and, according to the New York Times, might cost you your credit score if someone gains access to your personal information. It’s time to strengthen your security questions to keep the bad guys out of your accounts.

Security questions ask for information about your actual life, information anyone can easily obtain either through social media or from data breaches like the recent Equifax debacle. It’s not too hard to figure out which car you drove in college, or your mother’s maiden name (it’s probably on her Facebook page). Answering truthfully isn’t the greatest idea, though you can always try a different approach before pulling out the big guns.

Just Lie — With the Help of a Password Manager

Your first car? Just write your dream car, or the car you’re planning on buying. Mother’s maiden name? Easy, just make it whatever irksome term of endearment she used to address you before asking you to get those dishes done. Generate incorrect answers that aren’t searchable, and keep them secure.

Of course, you want to make sure you can keep track of all the false responses you’ve concocted, and keeping your new, false responses secure means storing them with the rest of your secure data. Turn to your favourite password manager to store your security questions and answers (or generate better ones). You can create a spreadsheet for all of them, or just write your questions and bogus answers in the notes field of the corresponding site or service (assuming you already have it in your manager of choice).

For added peace of mind, use the password generator in your password manager to generate answers that are more varied than merely “incorrect” responses. Fe5h&R&ltv1 is harder to guess than Meredith, even though neither is the actual name of your prom date.
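The approach described above, as an added example that is not part of the original article: a fresh random answer for every site and question, a check that no answer is reused across sites, and the text to paste into a password manager's notes field. The site names, questions, symbol set and function names are assumptions made for illustration.

```python
import math
import secrets
import string
from collections import defaultdict

# Characters assumed to be accepted by a free-text answer field.
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"

def generate_answer(length=16):
    """Random answer from the OS CSPRNG, unrelated to any real-life fact."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def entropy_bits(length=16):
    """Guessing difficulty of a generated answer, in bits."""
    return length * math.log2(len(ALPHABET))

def build_records(questions_by_site, length=16):
    """Create one fresh answer per (site, question); never reuse one."""
    used, records = set(), {}
    for site, questions in questions_by_site.items():
        records[site] = {}
        for question in questions:
            answer = generate_answer(length)
            while answer in used:  # astronomically unlikely, still enforced
                answer = generate_answer(length)
            used.add(answer)
            records[site][question] = answer
    return records

def reused_answers(records):
    """Map each answer that appears on more than one site to those sites."""
    sites_by_answer = defaultdict(set)
    for site, answers in records.items():
        for answer in answers.values():
            # Compare case-insensitively so "Meredith" and "meredith" match.
            sites_by_answer[answer.strip().lower()].add(site)
    return {a: sorted(s) for a, s in sites_by_answer.items() if len(s) > 1}

def notes_field(answers):
    """Text to paste into the notes field of the site's manager entry."""
    return "\n".join(f"Q: {q}\nA: {a}" for q, a in answers.items())

if __name__ == "__main__":
    # Constructed sample sites and questions.
    sample = {"bank.example": ["First car?"], "mail.example": ["First car?"]}
    records = build_records(sample)
    print(notes_field(records["bank.example"]))
    print(f"{entropy_bits():.0f} bits each; reused: {reused_answers(records)}")
```

Running `reused_answers` over answers you made up by hand shows which sites share one, which is the weak spot when a single site's answers leak.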

Your Mother’s Maiden Name Is Not a Secret


  • I must be missing something.

    If someone has access to your security question answers on one site (e.g. Equifax), and you use the same answers to those questions on every other site, then what difference does it make whether the answers are correct or not?

    Thereafter, socially engineering someone isn’t quite as simple as a quick peruse of their FB page. Most security question portals require at least 3 answers (some more). To get these would take a fair amount of time and effort to research the answers and (at least for now) can’t be easily automated. Most of us really aren’t that important or worth the investment.

    • Yep, the idea of re-using the same (in)correct answers weakens the security for all. But it makes it harder for would-be hackers if you’ve set up your account with fictional answers (as long as you can track them somewhere). And it’d be better to not re-use the fictional answers elsewhere, to prevent precisely the kind of scenario you’ve mentioned.
      Another tip I find useful is to never use a real date of birth for anything that doesn’t legally require it. In most cases a site asking for such information is overstepping the mark on collecting information relevant to the service they provide. And I don’t trust many of them to keep it secured properly. Also means I get all manner of birthday coupons/greetings/free meals throughout the year 😉
