
Security Question Best Practices [+31 Security Questions Examples]

By Adam on February 9, 2024

If you need to provide security questions for an online account, it is essential to come up with questions that you can remember and that are specific enough that no one but you will know the answer.

While security questions are a weak form of security, sometimes they are used as a last resort to prove your identity when trying to recover an account online. If an account requires you to enter security questions, you should absolutely make sure to choose the right questions. Otherwise, someone may be able to compromise your account if they find the answers to your security questions.

To keep you secure, we came up with example security questions that are designed to be highly specific and that you can use for your accounts.

The security question examples we will share with you in this post are designed for the age of social media, when a lot of your personal life is publicly available online.

Due to social media, you shouldn't even consider using a security question like "what's your mother's maiden name?". Those sorts of questions can easily be cracked through a quick Facebook search.

So let's get into our security questions examples, and how to keep your account secure even if you need to use security questions.

What Are Security Questions?

Security questions are a series of questions asked to confirm someone’s identity. They are typically used online when recovering an account (after you get locked out or forget a password).

They usually consist of 3 or more questions that you’ll be required to answer. The idea of security questions is that only you would know the answer to the questions. It is a basic way to prove you are who you say you are.

What Makes a Good Security Question?

Funny as it sounds, the best security question is not using security questions! Security questions are like trivia questions about yourself, and it can be pretty easy for other people to figure out the answer.

For example, think about the question "what's the make and model of your first car?". If someone wanted to figure out the answer, they could search your social media profiles or they could ask your friends or family to figure it out.

If you need to create a security question, it has to be about something that has never been posted anywhere or mentioned to anyone. Finding a good security question means trading off how easy the answer is to remember against how secure it is.

It is easier to remember something like "what is your father's middle name?" than "what was the first book you ever read?". But choosing the latter is certainly the better choice.

I highly encourage the use of password managers whenever you're required to provide security questions. A password manager is a secure application that allows you to save passwords and other secrets. They can generate passwords for you that can be used anywhere.

Whenever I'm asked for a security question, I always choose to use a password generated from a password manager. That way, it is impossible for an attacker to find out the answer via social engineering, or social media.

Here's how you could use a password manager to create a strong security question:

  1. The website asks you to come up with a security question
  2. Enter "What is your random phrase?" as your security question
  3. Either come up with a random phrase, or generate a new password with your password manager
    • A random phrase could be anything like "red mickey mouse trucker hat" or "the big sky, the ocean blue" or just random characters like "E3be92Hij21L0"

Then when you're asked for your security question and you see "random phrase", you can just go into your password manager, and copy and paste the answer.

This is the strongest security question, because it cannot be discovered online or through social engineering (like phishing).
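
As an added illustration of step 3 (not code from this post or from any password manager), this Python sketch generates a random answer with the operating system's CSPRNG and compares its guessing difficulty with that of a question that has only a handful of plausible answers. The word list is a constructed 32-word sample, and the figure of 10 plausible answers and the 7776-word list size are assumptions.

```python
import math
import secrets
import string

# Constructed 32-word list for illustration only (5 bits per word). A real
# generator should draw from a list of several thousand words.
WORDS = """red blue green amber mickey mouse trucker hat big sky ocean river
stone maple cedar piano violin copper silver rocket comet lantern anchor
harbor meadow canyon glacier pepper walnut ribbon marble thunder""".split()

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def random_phrase(n_words, words=WORDS):
    """Phrase of n_words chosen independently with the OS CSPRNG."""
    return " ".join(secrets.choice(words) for _ in range(n_words))


def random_string(length, alphabet=ALPHABET):
    """Random characters, like the post's "E3be92Hij21L0" (13 characters)."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(choices, picks=1):
    """Bits of entropy when `picks` items are drawn uniformly from `choices`."""
    return picks * math.log2(choices)


def average_guesses(bits):
    """Roughly how many guesses an attacker needs on average."""
    return 2 ** bits / 2


if __name__ == "__main__":
    print("phrase:", random_phrase(6))
    print("string:", random_string(13))
    rows = [
        ("question with ~10 plausible answers (assumed)", entropy_bits(10)),
        ("4 words from the 32-word sample list", entropy_bits(len(WORDS), 4)),
        ("6 words from a 7776-word list (assumed size)", entropy_bits(7776, 6)),
        ("13 random alphanumeric characters", entropy_bits(len(ALPHABET), 13)),
    ]
    for label, bits in rows:
        print(f"{label:48s} {bits:5.1f} bits  ~{average_guesses(bits):.2e} guesses")
```

The strength comes from the random selection, so a phrase you make up yourself does not get the entropy the table reports for a generated one.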

31 Security Questions Examples

If you need to provide a security question, and you’re not willing to use a password manager, we have compiled a list of security questions examples that you can use.

When choosing your security questions, always think about “is this public information”, and “is the answer obvious”. For example, one of our questions below is “What was your dream job as a child”. This is a good security question only if your dream job is unrelated to your actual job.

Without further ado, here are our security questions examples:

  1. What was the name of your favorite teacher in elementary school?
  2. What was your dream job as a child?
  3. In what city or town did you meet your spouse/partner?
  4. What was your favorite vacation spot as a child?
  5. What is the name of the first book you ever read?
  6. What was the first concert you ever attended?
  7. What was the name of your first stuffed animal?
  8. What was your favorite subject in high school?
  9. What was the model of your family's first television set?
  10. What is the name of the street where your best friend lived during childhood?
  11. What is the first name of the person you went to your first dance with?
  12. What is the name of the place where you had your first kiss?
  13. What is the title of your favorite childhood book?
  14. What is the name of the first beach you visited?
  15. What was the first movie you saw in a theater?
  16. What is the name of the first foreign country you visited?
  17. What was the name of your favorite childhood cartoon character?
  18. What is the title of your favorite movie from your teenage years?
  19. In what city did you celebrate your 10th birthday?
  20. In what city did you have your first ever flight?
  21. What was the first album you ever purchased?
  22. What was the title of your favorite video game as a teenager?
  23. In what city did you attend your first sports event?
  24. What is the name of the first song you learned all the lyrics to?
  25. In which city's library did you get your first library card?
  26. What was the brand and flavor of your favorite ice cream in middle school?
  27. What was the full name of your best friend in third grade, and what was their favorite hobby?
  28. What was the name and color of your favorite childhood blanket?
  29. What was the title of the first play you ever saw live, and in what theater?
  30. What's the name of your favorite high school teacher?
  31. Who was playing when you went to your first professional sports game?

What to Avoid When Creating Security Questions?

Over the last fifteen years, finding anyone's personal information online has become so easy that choosing the wrong security question could be like leaving the keys to your house in the lock.

Questions like "where were you born?" or "where did you go to elementary school?" are so easy for hackers to crack that you should avoid them at all costs.

But, what exactly makes these questions easy to crack? It’s mostly because all of that information is already online and just a Google or Facebook search away.

Here are some topics to avoid when you're coming up with your own security questions:

  1. Avoid public information
    • This includes questions like “where did you go to school?” and “what is your street name?”
  2. Avoid information that is on social media
    • This includes questions like “what’s your oldest sibling’s middle name?” and “where was your mother born?”.
  3. Avoid obvious answers
    • You’ll want to avoid questions that are obvious. If the question is “what was your dream job as a child?”, and you’re currently working in your childhood dream job, you’ll want to pick another question.
  4. Avoid questions with only a few answers
    • Questions like “what color was your first car” are dangerous, because the answer is easy to guess. There are only so many colors that cars are usually made in.

Best Practices for Security Questions

It is always better to use randomly generated secrets instead of security questions, but if you must come up with security questions for an account, it’s important to consider these best practices.

  • Use questions that are easy for you to remember
    • If you can’t remember the answer, you may be locked out of your account entirely.
    • But make sure not to make it so easy to remember that the answer is obvious.
  • Your answers should not be obvious or public information
    • Always choose questions that have answers that only you would know. Beware of questions that can just be looked up on Google or social media.
  • Use a password manager to store your security questions
    • Using a password manager will help ensure that you remember your security questions, so you can focus on coming up with hard questions without worrying that you’ll forget the answer.
  • Never share the answer to your security questions with anyone
    • You should keep your security questions in the back of your mind when you’re sharing information in person or online. If you ever accidentally leak an answer to a security question, you should reset your security questions.
    • This is why it is important to not publicly share your birth date, as many services (including some banks) use a birth date as a means of verifying identity (even though that is a poor means of verifying identity).

How to Come up with Security Questions

When coming up with security questions, there are a few tricks you can use to ensure your questions are difficult for hackers to crack.

Like we’ve said, security questions are, by their nature, a problematic way of verifying someone’s identity. There’s just too much that can go wrong (e.g. the answer being too obvious, being public information, or being leaked on social media).

But if you absolutely need to make security questions, we figured out some tricks you can use to make your questions as strong as possible.

First, think of events or objects from your childhood. These are great because they likely wouldn’t have been shared with anyone, the answer will never change, and they have been completely lost in time. So long as your childhood wasn’t posted on social media, the name and color of your childhood blanket isn’t information that is likely to leak out on the internet.

You should still make sure to choose things that are so odd that the information wouldn’t be accessible. For example, “what was your mother’s first mobile phone?” I happen to remember my mom's silver Samsung flip phone. But it’s highly unlikely anyone else would be able to figure that out. Another example is “what was the size and model of your family’s first TV?”. It would be very hard to dig up that information.

Another trick is to speak in code. “Security through obscurity” is widely known to be ineffective, but in the case of security questions it could be highly effective. There may be words that trigger memories in your head, but would be complete nonsense to anyone else. For example, as a kid I used to call milk “guck”. You could make that into a security question: “Favorite guck?” and the answer is “chocolate milk”.

You can trick hackers by having a very specific answer to a general question. This could be just about anything, but here’s an example question: “What comes to mind when you think of Destin, Florida?”. I’ve always recalled that on my first trip to Destin, Florida, it was so windy that the sand was getting in my eyes, so I would say “sand in my eyes”. But you can see how an attacker would be pretty stumped. They might think “beaches”, “sun”, “hot”? The question is general, but my answer is specific since it references the experience I had.

Conclusion

I hope this guide has helped you pick a few strong security questions. Remember the strongest security questions are no security questions! You should try to use a password manager and generate random secrets whenever possible.

If that’s not possible, remember to avoid publicly available information including anything that could have ever been posted on social media by you or any of your friends. You should never share your security questions, but if you do, you should always update them.

Choosing weak security questions could lead to your accounts getting hacked, and choosing security questions that are too challenging could lead to you being locked out of your account. So before you choose your security questions, spend some time reviewing the best practices so that the questions you come up with are both strong and easy to remember.

Thanks for reading! If you have any questions or feedback let us know in the comments.
