From experience and research, I have found security questions are often weaker and easier to crack than passwords are. More often than not, the answers to a person’s security question can easily be looked up online. These questions should never be something anyone else would know.

Here are some examples of common security questions I have run across.

What is my social security number?
What was my first phone number?
What is my favorite sports team?
What school did i go to?

Social security numbers are an easy find for even the most basic script kiddie out there. Old phone numbers can be looked up at most public record sites. Schools and favorite sport teams are easily found on most people’s profiles on social networks.

Here are some examples of good examples of security questions.

Who was my hottest teacher?
When was I most afraid in my life?
What was the name of my first grade teacher?
What was my first pet’s name?

Following these rules and the ones found in Elements of a Secure Password will stop 99% of crackers in their tracks.

This entry was posted on Thursday, April 2nd, 2009 at 5:48 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.