7 Online Security Questions That Are Highly Questionable

Protect your identity and your finances with these security question tips.
Olena Yakobchuk / Shutterstock.com

Hackers are always on the prowl for their next victims. That doesn’t mean you should live in fear that someone could access your personal information. But you should evaluate whether you’re making it too easy for hackers to get into your online accounts.

One weak point in your line of defense could be the security questions you choose when setting up your accounts. If your password is weak and you choose questions with answers that are easily guessed or found through searches, you’re not protecting your account very well at all.

Cyber-thieves are usually looking for an easy win, said Jason Glassberg, co-founder of the cybersecurity firm Casaba. “Raising the bar even slightly gives you a much better advantage.”

Here are seven security questions you need to know to avoid becoming the next victim of identity theft.

What is your mother’s maiden name?
Monkey Business Images / Shutterstock.com

1. What is your mother’s maiden name?

This is a common security question option, and one you’re likely to choose because you won’t forget the answer. But the answer also is easy for hackers and identity thieves to track down online.

“That’s the kind of somewhat easy-to-gain information that makes for a terrible security question,” Glassberg said.

Facebook is a good source for hackers to find this information, because it allows people to list family members on their “About” pages. Someone could simply click on that page and see if your mom is listed and has used her maiden name in addition to her married name on her profile.

Related: 5 Signs You're the Victim of Identity Theft

If you must use this security question, you need to take steps to protect your identity. Make sure you have a strong password with uppercase and lowercase letters, numbers and symbols, so hackers can’t even arrive at the point where they have to answer security questions. Glassberg recommended using a password manager service such as LastPass or Dashlane to generate unique account passwords and store them for you.

“One of the biggest problems we see in terms of people’s behavior on the web is they tend to not use sophisticated passwords, and they use the same password on several sites,” Glassberg said. “Using one of these password managers forces you to have different passwords.”

What is your sibling’s name?
Monkey Business Images / Shutterstock.com

2. What is your sibling’s name?

“'What is the name of your closest sibling?’ is a popular question and not too difficult to figure out by doing a web search,” Glassberg said. That’s why it’s another question you shouldn’t choose if you want to avoid getting hacked.

Or you could treat the answer as a second password, Glassberg said. That is, use upper and lowercase letters, numbers and symbols to create the answer. For example, if your sister’s name is Elizabeth, you could enter it as EL!3ab*tH001+.

Where were you born?
iko / Shutterstock.com

3. Where were you born?

Avoid choosing a question about where you were born or where you live now, because that information can be found easily online, Glassberg said. If you do choose this type of question, don’t use the actual city as your answer; instead, pick another place or something entirely nonsensical.

For example, if you’re a fan of “The Lord of the Rings,” you might enter your answer as “Mordor,” he said. It should be something that makes sense to you but no one else.

What is your favorite pet’s name?
AlikeYou / Shutterstock.com

4. What is your favorite pet’s name?

The answer to this question could be easy for hackers to guess if they start typing in common pet names, Glassberg said. Or hackers will look at your social media accounts to see if you’ve posted any pictures of your pet and listed its name, he said.

“Even if you think something is hard to find on social media, people who want to break into your account will take time to find the answer,” said Ruby Gonzalez, head of communications at NordVPN, an online privacy and security service provider. She suggested that, rather than answer a security question such as, “What is your favorite pet’s name?” with the name of your pet, you should lie. Pick a word or catchphrase that you can remember but others won’t discover by poking around online.

Don't Miss: 5 Things Hackers Love to See You Share on Social Media

What’s the first name of your favorite elementary school teacher?
wavebreakmedia / Shutterstock.com

5. What’s the first name of your favorite elementary school teacher?

Choosing a question about a person’s name could make it easy for hackers to guess the answer. They could simply go through a list of popular names, Gonzalez said. If you want to find the best security questions, answer questions of this type incorrectly.

“If they have enough computer power, they could mount a brute force attack,” she said. "Create something that means something to you."

Where did you go to high school?
Monkey Business Images / Shutterstock.com

6. Where did you go to high school?

There are plenty of ways for thieves and hackers who want to access your accounts to track down the answer to this question. They might be able to find it on your social media accounts or through an online search, for example. In fact, Facebook even has groups for people who attended particular high schools or colleges.

“A lot of strange information is kept about folks,” Glassberg said. “Doing a search on your name, people are often shocked by how much information is out there on them.”

Rather than choose this question, opt for one with an answer that can’t be found with an online search or by browsing your social media pages.

What is your favorite sports team?
Mitchell Leff / Getty Images

7. What is your favorite sports team?

Hackers who want to figure out the answer to this question will start by pinpointing the teams in the town where you live, Gonzalez said. So, if you live in Los Angeles and are a Lakers fan, it won’t be too hard for someone to get the answer to this question right.

“There are really no good security questions,” Gonzalez said. If possible, opt for another form of identity verification, such as a two-factor authentication that requires you to enter a password and then a code that is sent by text message to your phone.

Glassberg said that this option provides much more security, because not only would a hacker have to know your password, but he would also need your phone to receive the text message with the code that has to be entered to access your account.

“It becomes a much higher peak to climb,” he said.

Next Up: The Biggest Money Scams of All Time

Share this article:

facebook sharing button
twitter sharing button
linkedin sharing button
email sharing button

About the Author

Cameron Huddleston

Cameron Huddleston is an award-winning journalist with more than 18 years of experience writing about personal finance. Her work has appeared in Kiplinger’s Personal Finance, Business Insider, Chicago Tribune, Fortune, MSN, USA Today and many more print and online publications. She also is the author of Mom and Dad, We Need to Talk: How to Have Essential Conversations With Your Parents About Their Finances. U.S. News & World Report named her one of the top personal finance experts to follow on Twitter, and AOL Daily Finance named her one of the top 20 personal finance influencers to follow on Twitter. She has appeared on CNBC, CNN, MSNBC and “Fox & Friends” and has been a guest on ABC News Radio, Wall Street Journal Radio, NPR, WTOP in Washington, D.C., KGO in San Francisco and other personal finance radio shows nationwide. She also has been interviewed and quoted as an expert in The New York Times, Chicago Tribune, Forbes, MarketWatch and more. She has an MA in economic journalism from American University and BA in journalism and Russian studies from Washington & Lee University.

Read More


See Today's Best
Banking Offers