I have recently had to sign up to another service on the internet and was prompted as part of the registration to the site to answer a set of security questions.
Having done this for a number of sites, I always see some of the same questions come up:
- Where did you first nnnnn?
- What is the name of nnnnn?
- What is your favorite nnnnn?
(Where nnnnn is the phrase added)
People accept these questions and complete them as they complete their registrations. However, in today’s social society and growing IoT (Internet of Things), how much of this information is already online and available through a few searches, making the answers easy to guess?
When you stop and think about what you have Tweeted, Facebooked or put on LinkedIn, the answer is probably quite a lot.
Many sites just use a standard list, so the same questions are repeated from site to site, and that makes the answers given to them weak. Ask yourself how many times you’ve answered the pet question, and whether you have put pictures of your pet on Facebook. Maybe you haven’t chosen this particular question, but think about other questions you have answered in a similar way.
The one thing I liked about my recent registration to a site was the option to “Create Your Own”. This way I can create questions and answers that only I really know the answer to and may not have inadvertently been placed on some social site in the past.
Any good site that requires security questions should really do away with the easy-to-research options and go for the harder “Create Your Own” option.
Stop and think next time you have these questions presented on a registration page. Can you “Create Your Own”?