What makes a good security question? A good security question produces answers that are:
- Safe: cannot be guessed or researched
- Stable: does not change over time
- Memorable: can be remembered
- Simple: is precise, simple, and consistent
- Many: has many possible answers
See designing questions for more detail on the criteria.
Examples of Good, Fair, Poor Questions
What is the first name of the person you first kissed?
What is the last name of the teacher who gave you your first failing grade?
What was the name of your elementary / primary school?
In what city or town does your nearest sibling live?
What time of the day were you born? (hh:mm)
What is your pet’s name?
In what year was your father born?
What is your favorite _____?
Why are some questions good, fair, or poor? The Full List of Security Questions below answers this.
Wait! Some GOOD Questions are Still BAD…
Even if a question is good, some people will not use it because it doesn’t work for them. Example: the name of the place where your wedding reception was held. If I haven’t been married, I won’t use that question. So which GOOD questions will get used?
I selected the best questions and conducted a survey of which questions people would use. There are now over 350 responses. I also rated each question based on the 5 criteria above, ranked the questions, and provided rationale for each question. The results are included in the Full List of Security Questions.
The Full List of security questions can help you confidently select the best questions that people will actually use. The Full List includes:
- 40+ “good” questions from 180+ questions
- survey results (over 350 responses) showing which questions people will actually use (“I might use this question” or “I would NOT use this question”).
- ratings of questions based on the 5 criteria (safe, stable, memorable, simple, many).
- rationale for ratings and rankings