We are independent & ad-supported. We may earn a commission for purchases made through our links.
WiseGEEK

Advertiser Disclosure

Our website is an independent, advertising-supported platform. We provide our content free of charge to our readers, and to keep it that way, we rely on revenue generated through advertisements and affiliate partnerships. This means that when you click on certain links on our site and make a purchase, we may earn a commission. Learn more.

How We Make Money

We sustain our operations through affiliate commissions and advertising. If you click on an affiliate link and make a purchase, we may receive a commission from the merchant at no additional cost to you. We also display advertisements on our website, which help generate revenue to support our work and keep our content free for readers. Our editorial team operates independently from our advertising and affiliate partnerships to ensure that our content remains unbiased and focused on providing you with the best information and recommendations based on thorough research and honest evaluations. To remain transparent, we’ve provided a list of our current affiliate partners here.
Technology

What Is a Security Question?

By Emily Daw
Updated Jan 25, 2024
Our promise to you
WiseGEEK is dedicated to creating trustworthy, high-quality content that always prioritizes transparency, integrity, and inclusivity above all else. Our ensure that our content creation and review process includes rigorous fact-checking, evidence-based, and continual updates to ensure accuracy and reliability.

Our Promise to you

Founded in 2002, our company has been a trusted resource for readers seeking informative and engaging content. Our dedication to quality remains unwavering—and will never change. We follow a strict editorial policy, ensuring that our content is authored by highly qualified professionals and edited by subject matter experts. This guarantees that everything we publish is objective, accurate, and trustworthy.

Over the years, we've refined our approach to cover a wide range of topics, providing readers with reliable and practical advice to enhance their knowledge and skills. That's why millions of readers turn to us each year. Join us in celebrating the joy of learning, guided by standards you can trust.

Editorial Standards

At WiseGEEK, we are committed to creating content that you can trust. Our editorial process is designed to ensure that every piece of content we publish is accurate, reliable, and informative.

Our team of experienced writers and editors follows a strict set of guidelines to ensure the highest quality content. We conduct thorough research, fact-check all information, and rely on credible sources to back up our claims. Our content is reviewed by subject matter experts to ensure accuracy and clarity.

We believe in transparency and maintain editorial independence from our advertisers. Our team does not receive direct compensation from advertisers, allowing us to create unbiased content that prioritizes your interests.

A security question is a question used to verify a person's identity on a password-protected network or Web site. Users typically choose one out of a number of biographical questions to answer when they create online accounts. Then, if a user forgets the password, he or she will be prompted to answer this security question. If the question is answered correctly, the system will send information on how to reset the password. Security questions may also be used as a secondary form of identity verification after the password is entered, for instance if the user is logging in from an unknown location.

Security questions have gained favor since the early 2000s as a result of what is sometimes called "password chaos." Someone who uses the Internet for work, school, banking, personal communications, etc., may have dozens of different usernames and passwords that he or she may easily confuse. Before the advent of security questions, the user might have to call customer service to have the password reset manually. Sites that allow users to reset their passwords by means of a security question saves money for companies and time for the users.

Although security questions are a convenient way of resetting a password, they are generally considered far less secure than the password itself. A common security question, for instance, is "What is your mother's maiden name?" This information, while it might not be widely known, can often be found via a little bit of Internet sleuthing, thus compromising the user's account. Other information that is sometimes used in security questions might include the names of pets, favorite vacation spots, or school information, much of which is routinely posted on social networking sites.

Due to these security risks, both users and network developers must be careful about the security questions they choose as well as how they answer them. A good security question should have many possible answers that a hacker would not likely be able to guess. Users should be careful not to post information related to the security question anywhere on the Internet.

Developers should also phrase questions in such a way that there is only one possible way to write the answer. For example, the answer to the question, "What is your mother's date of birth?"could be written "1 July 1948," "July 1, 1948," "7/1/1948," or any number of other ways. A user who forgot his or her password is not likely to remember in which way he or she wrote the answer, making this is a poorly written security question. A better question would be, "What is the month and year of your mother's birth (e.g. July 1948)?"

WiseGEEK is dedicated to providing accurate and trustworthy information. We carefully select reputable sources and employ a rigorous fact-checking process to maintain the highest standards. To learn more about our commitment to accuracy, read our editorial process.
See our Editorial Process Share Feedback

Discussion Comments

By Fa5t3r — On Sep 07, 2014

@pastanaga - I'm a bit paranoid about security in general, so I'm not a big fan of easy security questions either. I try to make my passwords difficult, usually by mashing several words together and using a mix of capitals and numbers.

It annoys me that access to an account could then depend on someone knowing the year I was born. But I think that kind of question is becoming less and less common.

By pastanaga — On Sep 06, 2014

@browncoat - I don't mind the security questions. In fact, I kind of like the fact that they are a bit obvious with my less important accounts, because if I pass away or something, I'd like my family to be able to get access to them if they need to.

I've noticed that most of my really secure accounts, like banking or good email, have more layers of security than just a few simple questions, or may even allow you to make up your own security questions.

One of my banks even sent me a little gadget to produce random numbers as access codes rather than using a password at all. Which can be annoying, but at least I know it's secure.

By browncoat — On Sep 05, 2014

I really think security questions are pointless most of the time. They are almost always something that would be easy for anyone to find out, like your father's middle name, or the city you were born in. These are facts that can be researched with ease online, or will be known to anyone close to the person.

I tend to use my security questions as an additional password, by making something up rather than using the truth.

WiseGEEK, in your inbox

Our latest articles, guides, and more, delivered daily.

WiseGEEK, in your inbox

Our latest articles, guides, and more, delivered daily.