Security questions are used by numerous organisations to verify a user who has forgotten their password. Common security questions include where you grew up, your mother’s maiden name and the primary school that you attended.

A malicious actor could obtain the necessary information if a website that stores the answers to the security questions is breached. If the same answers are used elsewhere (this is common, as your mother’s maiden name will not change), they could potentially be used to gain access to additional accounts.

Another method a malicious actor could use is to search social media accounts (e.g. Facebook, Twitter and LinkedIn) for this information.

Information relating to your favourite football team, where you met your partner and where you grew up can be easily obtained if you are not cautious about what you upload to these sites. Therefore, you should ensure that any personal information relating to your security questions is not easily obtainable.

Although this defeats the purpose of memorable data, it is advised to make every answer unique and not guessable.

You should use a combination of letters, numbers and symbols. If you are concerned that you will forget this information, a password manager (e.g. LastPass) can be used to store all your passwords and security question answers for each site. However, ensure that the password manager itself has a strong, complex password containing at least 10 characters.
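
One way to act on the advice above, as an added example that is not part of the original article: the Python code below audits stored security answers for reuse across sites and for a missing mix of letters, numbers and symbols, and generates random replacements. The function names, symbol set, 20-character length and sample entries are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@^_"


def is_mixed(answer):
    """True if the answer has at least one letter, number and symbol."""
    return (any(c.isalpha() for c in answer)
            and any(c.isdigit() for c in answer)
            and any(not c.isalnum() and not c.isspace() for c in answer))


def random_answer(length=20):
    """Return an unguessable answer drawn from a CSPRNG."""
    while True:
        answer = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if is_mixed(answer):
            return answer


def normalise(answer):
    """Assumption: answers differing only in case or spacing count as the same."""
    return "".join(answer.lower().split())


def audit(entries):
    """Map each (site, question) to its list of problems (empty if none)."""
    sites_by_answer = defaultdict(set)
    for site, _question, answer in entries:
        sites_by_answer[normalise(answer)].add(site)
    findings = {}
    for site, question, answer in entries:
        problems = []
        if len(sites_by_answer[normalise(answer)]) > 1:
            problems.append("reused across sites")
        if not is_mixed(answer):
            problems.append("not a mix of letters, numbers and symbols")
        findings[(site, question)] = problems
    return findings


# Constructed sample entries; the site names and answers are made up.
SAMPLE = [
    ("shop.example", "Mother's maiden name?", "Smith"),
    ("bank.example", "Mother's maiden name?", "smith "),
    ("mail.example", "Primary school?", random_answer()),
]
```

Calling `audit(SAMPLE)` flags the two maiden-name entries on both counts and returns an empty list for the generated answer; each flagged entry can then be replaced with its own `random_answer()` value and saved in the password manager.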

An alternative to weak security questions is to implement two-factor authentication on the account, which reduces the reliance on security questions as the sole method of authentication.