Hackers are always on the prowl for their next victims. That doesn’t mean you should live in fear that someone could access your personal information. But you should evaluate whether you’re making it too easy for hackers to get into your online accounts.
One weak point in your line of defense could be the security questions you choose when setting up your accounts. If your password is weak and you choose questions with answers that are easily guessed or found through searches, you’re not protecting your account very well at all.
Cyber-thieves are usually looking for an easy win, said Jason Glassberg, co-founder of the cybersecurity firm Casaba. “Raising the bar even slightly gives you a much better advantage.”
Here are seven security questions you need to know to avoid becoming the next victim of identity theft.
1. What is your mother’s maiden name?
This is a common security question option, and one you’re likely to choose because you won’t forget the answer. But the answer also is easy for hackers and identity thieves to track down online.
“That’s the kind of somewhat easy-to-gain information that makes for a terrible security question,” Glassberg said.
Facebook is a good source for hackers to find this information, because it allows people to list family members on their “About” pages. Someone could simply click on that page and see if your mom is listed and has used her maiden name in addition to her married name on her profile.
If you must use this security question, you need to take steps to protect your identity. Make sure you have a strong password with uppercase and lowercase letters, numbers and symbols, so hackers can’t even arrive at the point where they have to answer security questions. Glassberg recommended using a password manager service such as LastPass or Dashlane to generate unique account passwords and store them for you.
“One of the biggest problems we see in terms of people’s behavior on the web is they tend to not use sophisticated passwords, and they use the same password on several sites,” Glassberg said. “Using one of these password managers forces you to have different passwords.”
2. What is your sibling’s name?
“'What is the name of your closest sibling?’ is a popular question and not too difficult to figure out by doing a web search,” Glassberg said. That’s why it’s another question you shouldn’t choose if you want to avoid getting hacked.
Or you could treat the answer as a second password, Glassberg said. That is, use upper and lowercase letters, numbers and symbols to create the answer. For example, if your sister’s name is Elizabeth, you could enter it as EL!3ab*tH001+.
3. Where were you born?
Avoid choosing a question about where you were born or where you live now, because that information can be found easily online, Glassberg said. If you do choose this type of question, don’t use the actual city as your answer; instead, pick another place or something entirely nonsensical.
For example, if you’re a fan of “The Lord of the Rings,” you might enter your answer as “Mordor,” he said. It should be something that makes sense to you but no one else.
4. What is your favorite pet’s name?
The answer to this question could be easy for hackers to guess if they start typing in common pet names, Glassberg said. Or hackers will look at your social media accounts to see if you’ve posted any pictures of your pet and listed its name, he said.
“Even if you think something is hard to find on social media, people who want to break into your account will take time to find the answer,” said Ruby Gonzalez, head of communications at NordVPN, an online privacy and security service provider. She suggested that, rather than answer a security question such as, “What is your favorite pet’s name?” with the name of your pet, you should lie. Pick a word or catchphrase that you can remember but others won’t discover by poking around online.
5. What’s the first name of your favorite elementary school teacher?
Choosing a question about a person’s name could make it easy for hackers to guess the answer. They could simply go through a list of popular names, Gonzalez said. If you want to find the best security questions, answer questions of this type incorrectly.
“If they have enough computer power, they could mount a brute force attack,” she said. "Create something that means something to you."
6. Where did you go to high school?
There are plenty of ways for thieves and hackers who want to access your accounts to track down the answer to this question. They might be able to find it on your social media accounts or through an online search, for example. In fact, Facebook even has groups for people who attended particular high schools or colleges.
“A lot of strange information is kept about folks,” Glassberg said. “Doing a search on your name, people are often shocked by how much information is out there on them.”
Rather than choose this question, opt for one with an answer that can’t be found with an online search or by browsing your social media pages.
7. What is your favorite sports team?
Hackers who want to figure out the answer to this question will start by pinpointing the teams in the town where you live, Gonzalez said. So, if you live in Los Angeles and are a Lakers fan, it won’t be too hard for someone to get the answer to this question right.
“There are really no good security questions,” Gonzalez said. If possible, opt for another form of identity verification, such as a two-factor authentication that requires you to enter a password and then a code that is sent by text message to your phone.
Glassberg said that this option provides much more security, because not only would a hacker have to know your password, but he would also need your phone to receive the text message with the code that has to be entered to access your account.
“It becomes a much higher peak to climb,” he said.
Next Up: The Biggest Money Scams of All Time