
Phrase it better

Security questions have been used for more than a century now.


Sangeet Toor 

Security questions have been used for more than a century now. With the advent of the Internet and web applications, the use of security questions rose. The purpose of using them is to create a shared secret: the answer to the question, which can be used to authenticate the identity of a user.

The security question and secret answer pair is meant to be central to the trust that must be maintained for an extended period between a user and a service provider. This established trust ensures that when the time arises for the user to reset the password, the secret is revealed, and the service provider is assured that the person requesting a new password is in fact the legitimate user.

The salient feature of a secret answer is that it should be convenient for the user to remember when the time arises. What is the maiden name of your mother’s mother? Ghuman. That’s the secret. Easily recalled when needed. A fixed fact that cannot be changed in the present. That’s the truth. What is your childhood best friend’s name? Preeti. You are sure you would remember her name when the testing times come. No one can change the fact that Preeti was your best friend. You lost contact when you were 10. Then you reconnected on Facebook.

She is married and has one child. You often post comments on her pictures, and she does the same on yours. You remind each other of the golden olden days when you were best friends. At this precise time, when you both remind each other in writing, your friends and her friends get to know the truth. Your secret is in the public domain now.

Similarly, if your security question is ‘What is the make and model of the first car you owned?’, and your social media is replete with pictures of a brand new Toyota Camry with the clear caption ‘Finally, my own car!’, the answer is no longer a secret. Anyone can search for the information about you online, reset your passwords and hence take over all your profiles. Anyone can become you online.

So, as long as security questions are used and trusted by web applications, it is better to improvise the answer to maintain its secrecy. For that, the answer must be neither forgettable nor guessable.

In order to fulfil both the conditions mentioned above, the answer should have password-like qualities. It should still not be forgettable. A safe and secure answer must have eight or more characters, should be a combination of letters, numbers and special characters, should not be a dictionary word and should never be the truth.

Take the case of your first car. The secret answer can be t0Yotc@m. Another way to keep an answer secret is to make up an unforgettable lie. This lie must not be a plain dictionary word. Your mother’s maiden name could be ()Rang3Juice.

Overall, the following are the steps you should take to make it more difficult for hackers to get into your personal accounts.

Make your own questions: Move away from the questions that ask about family and favourite things. Such generic questions are not secure as their answers are not secret. Be creative. The question could be ‘How did the Universe come into being?’. The answer could be !d0ntCare.

Never use the same answer to multiple security questions: This point is a no-brainer. If an online service provider is asking for three different security questions, set three different answers.

Clean up your social media: Take a quick glance at your social media profile and if you see generic security answers hanging around in pictures and comments, just delete the answers. Minimise the personal information you give when creating new accounts too. Answer only the fields that are starred.

Set up two-factor authentication: A security question is just another layer to keep your account secure. Use all the tools provided to add more security. Two-factor authentication is another layer that you must set up if you haven’t done that already.

Use a password manager: It is a viable option as everything is online and there are tens of accounts per individual. It is beyond the human mind to memorise that many passwords and that many secret answers (which means more passwords). A password manager does the job for you.
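The rules above for a safe answer, together with the advice never to reuse an answer, can be checked mechanically. The sketch below is an added example, not part of the original column; the function name `check_answer`, the tiny `SAMPLE_DICTIONARY` word list and the sample facts are constructed for illustration.

```python
import re

# Constructed stand-in for a real word list; a real check would load a full dictionary.
SAMPLE_DICTIONARY = {"password", "sunshine", "football", "princess", "elephant"}


def _fold(text):
    """Lower-case and keep only letters and digits, so 'Toyota Camry' == 'toyotacamry'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def check_answer(answer, true_facts=(), other_answers=()):
    """Return the rules from the column that `answer` breaks (empty list = acceptable).

    true_facts:    the real answers to the question (what an outsider could look up).
    other_answers: answers already set for the other security questions.
    """
    problems = []
    if len(answer) < 8:
        problems.append("shorter than eight characters")
    if not re.search(r"[A-Za-z]", answer):
        problems.append("no letters")
    if not re.search(r"\d", answer):
        problems.append("no numbers")
    if not re.search(r"[^A-Za-z0-9\s]", answer):
        problems.append("no special characters")
    if answer.lower() in SAMPLE_DICTIONARY:
        problems.append("dictionary word")
    folded = _fold(answer)
    # Compare on the folded form so changes of case or spacing alone do not hide the truth.
    if folded and any(folded == _fold(fact) for fact in true_facts):
        problems.append("is the truth")
    if folded and any(folded == _fold(other) for other in other_answers):
        problems.append("reused for another question")
    return problems


if __name__ == "__main__":
    # Sample answers taken from the column, checked against constructed "true" facts.
    for candidate, facts in [("Toyota Camry", ["Toyota Camry"]),
                             ("t0Yotc@m", ["Toyota Camry"]),
                             ("Ghuman", ["Ghuman"]),
                             ("()Rang3Juice", ["Ghuman"])]:
        print(f"{candidate!r}: {check_answer(candidate, true_facts=facts) or 'ok'}")
```
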

Try these tips and make your online presence more secure.
