There’s no doubt that our online identities are continuously under attack.  The proof is the trillion dollars in profits that cybercriminals will make this year alone. 

You might say, “But, I have strong passwords, so I’m safe!”.  Even with complex and unique passwords for every account (most people don’t bother to create unique passwords), there’s a good chance that some of your accounts have been compromised and are available on the Dark Web.  Consider using a password manager such as Roboform, which allows you to create and manage unique, complex passwords for all accounts.

Another way to protect yourself is to enable Multi-Factor Authentication (MFA) on every account that allows it.  And if you have accounts that don’t offer MFA, it might be worth looking at another vendor that does offer MFA on their accounts.

Vendors also try to protect their accounts through security questions.  In recent years, cybersecurity experts have reconsidered the use of security questions altogether.  Unfortunately with the pervasiveness of social media, online public records databases, and the vast amount of Personally Identifiable Information (PII) available on the Dark Web, security questions no longer provide much in the way of security.  Finding your high school, the name of your pet, or your favorite sports team is easy to find by doing a social media search. 

In addition, hackers that have stolen user accounts from Yahoo and others have not only stolen credentials in some cases, but security questions and answers as well.  And if you’re like many people, you probably use the same security questions and answers amongst multiple accounts.

How to Use Security Questions Securely

Step 1 – Use made up answers. 

Choose a question such as, “What is your grandmother’s maiden name?” and answer it with a long, non-sensical answer that is made up, or use a uniquely generated password from your password manager. 

Step 2 – Utilize your password manager.

Use your password manager to save the answers to your security questions, or use the secure notes section of your password manager to document the answers.

Step 3 – Completely phase out use of security questions.

Avoid using security questions and answers that can easily be about you through social media or online public records (or that you’ve used on other accounts).

Lying on your security questions is just another way to protect your online identity.