Best Security Questions: Selection Criteria and Examples

Entering correct security answers to your question helps protect your website from critical changes. Even if attackers have taken possession of the password from the control panel, they will not be able to remove the module, change the password or security settings without knowing the correct answer to the security question.
List of actions that require a security question answer:
- Account recovery (including password resets);
- Attaching or detaching a domain;
- SSL settings;
- Removing modules;
- Changing site security settings;
- Deleting a website;
- Change of contact email address;
- Change FTP password/account password;
- Change of site owner, etc.
However, if you forget your answer to a question, the recovery process becomes much harder as you may lose access to critical features. Do not use public or obvious data (the data that may be visible on social media websites, forums, games, chats, or elsewhere). Instead, consider using fake answers only you’ll remember.
Criteria for choosing good security questions
Several important criteria determine the reliability of a security question as part of your authentication methods. Study them carefully before choosing the top security questions for your online accounts.
Security
Security is considered one of the most significant characteristics of a good security question. It should not jeopardize the protected object. A good question must have an answer that is rather difficult to guess and thus block unauthorized access to your personal account. It’s a critical part of safe login procedures.
Here are several examples of ineffective security questions:
- What is your grandfather’s last name?
- What’s your home address?
- What is your mother’s phone number?
Pay attention to the following examples of good questions:
- What was the name of your first childhood friend?
- What is your brightest childhood dream?
Invariability
An effective security question should have a consistent answer. It is not recommended to choose questions, the answers to which may vary. This mainly applies to the category of favorite things: vacation spot, teacher, color, book, movie, animal, song, artist, etc. Interests, tastes, and personal preferences are subject to change. For example, last year you enjoyed your vacation in Italy and this year in Europe. By choosing a question with a volatile answer, you may not remember the answer you originally provided.
Here are some bad examples:
- What color do you like the most?
- What’s your favorite artist?
- What book do you recommend to your friends?
- What was your high school mascot?
Good examples are the following:
- What was the name of your first school teacher?
- What year did you enter college?
- What is your mother’s maiden name?
Memorability and obviousness
The answer to a good security question should be obvious. In addition, it should be easy to remember, but at the same time remain secret to others. The answer should be easy to recall, especially in situations where fast identity authentication is needed. However, it should not be something that can come up in casual conversation.
Some bad examples include:
- Which teacher did you like the most at school?
- What is your friend’s driver’s license number?
Good examples:
- What is your child’s nickname?
- What is the manufacturer of your first car?
Basic types of secure questions
Security questions are roughly divided into categories. You can select the one that seems more appropriate to you:
- Childhood (What was the name of your favorite childhood pet?);
- Family (What year was your grandmother born?);
- Preferences (What is your favorite sport?);
- First (What month was your first child born?);
- Personal characteristics (What is your skin color?);
- Animals (What breed of cat do you like the most?);
- Education (What was the name of your school physical education teacher?);
- Work (In which area of the city is your place of work located?).
Recommendations for choosing the best security questions
The following tips will help you select the most effective security questions:
- There are very few good user defined questions that suit absolutely everyone. There are questions that are bad for some people, while the same questions are good for others. Select and customize your own questions that suit you best;
- Don’t use too many questions, even if you’re building a broader security strategy for your online accounts and want to increase security;
- Pay attention to the absence of errors;
- Avoid system defined questions like favorite color – the answer range is too limited and easy to guess
💡 Tip: Consider storing your answers in a password manager if you’re worried about forgetting them. Just make sure you don’t use the same answers elsewhere.
💡 Tip #2 :For even better protection, pair security questions with two factor authentication to reduce the risk of unauthorized access.
Examples of efficient and inefficient security questions
Within the framework of this article, it seems appropriate to give examples of security questions, dividing them into two categories: efficient and inefficient. Study each carefully and decide on the best questions already today.
Efficient security questions
- What was your childhood best friend’s nickname?
- In which city did your parents meet?
- What’s your neighbor’s last name?
- How many pets did you have at 10 years old?
- What month did you get married?
Inefficient security questions
- What sport do you prefer the most?
- What’s your favorite TV program on Sunday?
- What year was your grandmother born?
- What color does your child like?
- In which area of the city is your place of work located?
What is the reason for the need to use a VPN?
In addition to using top security questions, strengthen your online security with a VPN. The need to use a VPN is due to the increased risk of “hacking” by attackers of a virtual server that has direct access to the public Internet through a public IP address. Combining users’ cloud servers and local computers into a private network minimizes the number of users who can gain direct access. This way, your server will use only a private IP address instead of a public one, which is not available for attempts to connect to the Internet directly. The presence of the server on the Internet will be anonymous, which will allow you to become more secure online.
VeePN is freedom