If you read or watched the news last week, you probably saw stories about how private photos of celebrities were accessed from a “cloud” server and distributed on the internet. One of the factors in this hacking incident was that hackers were able to figure out the answers to the celebrities’ security questions using publicly available information.
These are the questions that some sites ask you to answer after you’ve successfully logged in, and they serve as a second layer of security. If a site uses security questions, someone trying to hack into your account would first have to know your login ID and password, then they would also have to know about your family or personal life. Utilizing multiple layers of security makes it much harder for someone else to log in as you. However, if the answer to a security question is publicly available, the security value of that question may be lessened.
Although none of us lives a life that is as public as that of Jennifer Lawrence, Jill Scott or other victims of this crime, social media sites make more information about all of us publicly available. The public sections of my Facebook and LinkedIn profiles reveal that I grew up in Potosi, WI, and attended Mundelein College in Chicago. But stating that publicly here and on social media does not jeopardize the security of any of my logins because I don’t use those widely known pieces of information as the answer to security questions. Instead, I employ a couple of easy tricks to make my security answers less hackable. When asked to select questions to use for security purposes, I select only questions that ask about facts that are not publicly known about me or I use “fake” answers. This makes it unlikely that someone could hack my accounts even if they somehow got their hands on my ID and password. Below are some ideas for fake answers that you could use to make your security questions even more secure.
If you love Hawaii and have blogged or shared Hawaiian vacation photos on social media, you might want to use a fake answer to vacation-related security questions. You could answer with the place where you had a terrible vacation experience. Or you could use a location from your favorite book, movie or TV show – Narnia, Camelot, Asgard, Middlemarch, Avonlea, Mayberry, etc. If asked for the city where you were born, you could instead answer with the birthplace of your spouse or a parent (provided he/she was born in a different city than you). If asked for the first street you lived on as a child, you could answer with the street name of your grandmother, your piano teacher or your childhood best friend.
If asked for the first name of your mother, father, best friend or firstborn child, use that person’s middle name instead. Use a person’s full name when asked for his/her nickname, or vice versa. You could answer questions about your mother with information about her mother and questions about your father with information about his father. Alternately, answer questions about your mother with answers about your mother-in-law or step mother.
One of the questions I’ve encountered several times is the name of a first boyfriend or girlfriend. Rather than answering with the actual name – which some family or friends could know – give the name of the first actor/actress/singer you had a crush on. As an example, I loved the Hardy Boys and was especially enamored of Parker Stevenson, so I could answer the first boyfriend question with his name or with the name of the character he played, Frank Hardy. Recently, in a discussion about childhood crushes at a dinner party, one of the women said that her first crush was the cartoon character Speed Racer. If she used this as her answer to all security questions about boyfriends, imagine how hard it would be for a hacker to guess “Speed Racer” when they encountered a boyfriend-related security question. Even if her login and password were compromised, it is highly unlikely that her account could be accessed by the hacker.
If the security question asks about your first pet, and everyone has heard your stories about the puppy named Cubby that you got for your fifth birthday, you could answer with the name of your best friend’s first pet instead. If asked for your favorite dog breed, you might answer with your best friend’s favorite breed, your least favorite breed, or the breed of a neighbor’s dog that bit you when you were 12, and which you’ve been scared of ever since.
Another tactic is to answer a security question with a sentence instead of just giving the answer. If asked the month of your mother’s birth, you could answer like this: “My mother was born in August.” If asked for your favorite movie, you could answer with your favorite line from that movie instead of with the movie title. If you love Star Wars, you could answer that your favorite movie is “Luke, I am your father.” Alternately, you can use the first letter of each word in that phrase to create a unique one-word answer: LIayf. When discussing this method of creating security answers and passwords in a financial literacy class I taught, one of the students said his favorite movie quote is “Say hello to my little friend” which could be rendered as an answer or password like this: Shtmlf.
No matter how clever and unhackable you make your answer, it doesn’t do you any good if you forget what it is. So be sure that it is something you can remember easily, and be as consistent as possible so that you don’t have to remember different fake answers for different sites. You might answer all parent/grandparent questions using information for the person one generation older, as mentioned in the “People” section above. If Frank Hardy is your fake answer to the first boyfriend question on one site, use it consistently as the answer to all boyfriend-related questions.