The idea behind the security question is a simple one: it's an additional layer of confirmation in the path of password recovery, account protection or authentication. The host intends to interrogate you on knowledge only the account holder (which is hopefully you) should have. But if it's not you, it might not be enough to rely on that person 'not knowing' the answer...
This is going to be a super quick post because the trick here is simple...way simple
The idea relies on a simple concept: if somebody were to have even a tiny chance of guessing your security answer, you're in trouble
So all we need to do is get around this problem, and we're in the green!
Although we are talking about security questions here, which should still be used, I do recommend you get involved in 2FA (two-factor authentication) for all accounts
This will add a significant layer of protection while simultaneously offering a more secure means of password recovery and authentication; it's pretty much the 'more modern' way of doing it
Anyhow, to make your security questions unbreachable...you need to make your answers 'secretive' right? Nope, you need to make them... silly, in fact, you need to make them completely illogical!
Where People go Wrong
Okay so, security questions need little introduction. Some accounts require you to just have one, other accounts require you to preset a few
Either way, they are all in jeopardy if we don't really think about the concept and make it work for us
Let's say you're setting up an account and bam! There it is, the 'enter your security question and secure answer' part
You click on the drop-down tab and a flurry of selectable questions appear, some of which you think - I have an answer for that!
You pick one of these and let's say it's 'What is your favourite insect?', to which you put the answer 'Fly'
How can anyone possibly know your favourite insect? It's hardly something that comes up in conversation unless you've had some seriously awkward elevator small-talk encounters
But this is where I say that's not the 'right' answer, and by the right answer I mean the most resilient one, the one that best secures your account
What you've done there is, when asked a question, you've given a truthful answer. This is the issue, and yet it's the most common mistake made by the majority of account holders
This security question is not secure because it can be solved with social engineering, research, assumption or just plain logic. Arguably you've narrowed down the search for anyone interested in getting into your account: the set of plausible insects is small. You can probably guess where I'm going with this with regard to the solution
Room for Improvement
Let's try that again: you log in and you're presented with a list of preset security questions. You pick 'What is your favourite insect?'
This time, you put in the answer 'Penguin'
Now, other than making yourself laugh because it's a hilarious answer to a rather direct question, you've increased the security of your account significantly
Imagine someone trying to go down the route of password recovery (for your own account!) and they are met with the security question above
Even if they did conduct research into you and for some reason your Pinterest was littered with pictures of fly memes, they would never guess penguin, at least logically they wouldn't!
Although you may think this is the comprehensive solution, there is another step to this
You're still using a word here, which sure, is totally unrelated to the question asked, but it's still narrowly possible for somebody to get it, funnily enough, by them being illogical in relation to the question (a dictionary word is still one of a limited number of words)
The next step is the absolute best way to 'answer' your security questions!
Don't Make Any Sense at all
Sticking with the 'what is your favourite insect?' question, let's understand that a security question is asking you for a 'key'
Typically it's a key whose hint is given away within the question, but you're going to be smart and change it from being a hint toward the right answer into a red herring that only leads to consistently wrong answers
For this, you'll need to put in an answer that looks more like a secure password, something like 'Pd501/x'. I've just smashed some keys on my keyboard and arrived at that, but it can be made memorable!
Although it's not many characters (you can just add to it if you like), it's very, very secure relative to a normal security question answer
It's totally unrelated to a 'logical' answer to the question, to a legitimate correct answer, or to anything about you. Or rather, it should be unrelated to you!
And so with that, we've evaded the trick of putting something logical or picking something true. But naturally, there's one more thing to do before we tick the 'account secure' box
Whether you do this using a physical notebook where you keep all your passwords, tucked away somewhere in your study or bedroom, or using a service like Dashlane or something similar, you need to be able to retrieve the answer, by memory or otherwise
Although you've ended up with a random selection of numbers/letters/symbols, be sure not to reuse any of your actual passwords as a security question answer; keep those separate
Just think up a new 'code'-looking collection of characters to use in your security answers; even having them common across multiple questions might be okay
Otherwise, have specific 'codes' per type of security question!
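The three stages above (a truthful answer, an unrelated dictionary word, and a password-like code), together with the 'one code per question, stored somewhere retrievable' advice, can be put into working form. The following Python is an added example written for this post, not code from the original or from any password manager; the list of preset questions and the list of 'plausible' insect answers are constructed sample data, and the bit estimates are rough guess-space sizes rather than a claim about any real attacker's strategy.

```python
import math
import secrets
import string

# Constructed sample data: preset questions a sign-up form might offer,
# and a short list of answers a guesser would try first for the insect question.
PRESET_QUESTIONS = [
    "What is your favourite insect?",
    "What was the name of your first pet?",
    "In what city were you born?",
]
PLAUSIBLE_INSECTS = ["fly", "bee", "ant", "butterfly", "ladybird", "beetle",
                     "dragonfly", "moth", "wasp", "grasshopper"]

# Character set for code-like answers (letters, digits and a few symbols).
ALPHABET = string.ascii_letters + string.digits + "/-_"


def classify_answer(answer, plausible):
    """Label an answer the way the post does.

    'truthful' : it is one of the answers a guesser would try first
    'word'     : unrelated to the question, but still a plain dictionary-style word
    'code'     : password-like, mixing letters with digits or symbols
    """
    cleaned = answer.strip().lower()
    if cleaned in {p.lower() for p in plausible}:
        return "truthful"
    if cleaned.isalpha():
        return "word"
    return "code"


def guess_space_bits(candidates=None, length=None, alphabet=ALPHABET):
    """Rough size of the guess space in bits.

    For a truthful answer the space is the list of plausible candidates;
    for a random code it is alphabet_size ** length.
    """
    if candidates is not None:
        return math.log2(len(candidates))
    return length * math.log2(len(alphabet))


def random_answer(length=12):
    """Generate a code-like answer with a CSPRNG (secrets), not random.choice."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def build_answers(questions, length=12):
    """One independent random answer per question, so a leak of one answer
    (say, from a site that stores them in clear text) gives nothing about the others.
    In practice this mapping belongs in a password manager, not a source file."""
    return {q: random_answer(length) for q in questions}


if __name__ == "__main__":
    for a in ["Fly", "Penguin", "Pd501/x"]:
        print(f"{a!r:12} -> {classify_answer(a, PLAUSIBLE_INSECTS)}")
    print(f"truthful insect answer: ~{guess_space_bits(PLAUSIBLE_INSECTS):.1f} bits")
    print(f"7-char code answer:     ~{guess_space_bits(length=7):.1f} bits")
    for q, a in build_answers(PRESET_QUESTIONS).items():
        print(f"{q} -> {a}")
```

Running it prints the classification of the three answers from the post, the guess-space comparison (ten plausible insects is about 3.3 bits; a seven-character code from a 65-character alphabet is about 42 bits), and a fresh code-like answer for each preset question. The `build_answers` step is the 'specific codes per question' option; if you prefer a single shared code as the post allows, generate one and reuse it, but the per-question form is what keeps one leaked answer from unlocking every account that asked the same question.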
By going through the process above you've reached the point where, generally speaking, your security questions are pretty darn unbreachable. Bravo!
As I mentioned, this is a quick post but I hope it provides you with some value if you're interested in bolstering your account security
Many thanks for reading