The lists below are examples of good, fair, and poor security questions. What makes a good security question? The answer to a good security question has the following criteria:
- Safe: cannot be guessed or researched
- Stable: does not change over time
- Memorable: can remember
- Simple: is precise, simple, consistent
- Many: has many possible answers
See designing questions for more detail on these criteria.
Below are examples of many questions I’ve collected and evaluated within the categories of good, fair, and poor. But even if a question is good, some people will not use it. To get survey response of which questions they might use along with ratings and ranking of questions see the Full List of security questions.
What is the first name of the person you first kissed?
What is the last name of the teacher who gave you your first failing grade?
What is the name of the place your wedding reception was held?
In what city or town did you meet your spouse/partner?
What was the make and model of your first car?
What was the name of your elementary / primary school?
In what city or town does your nearest sibling live?
What was the name of your first stuffed animal or doll or action figure?
What time of the day were you born? (hh:mm)
What was your favorite place to visit as a child?
What is your pet’s name?
In what year was your father born?
In what county where you born?
What is the color of your eyes?
What is your favorite _____?
Why are some questions good, fair, or poor? The Full List of security questions explains. Also, the Full List includes survey results that show which questions people won’t use even if the questions are good.
Do you have questions or suggestions for security questions? Please contribute to the discussion.