What makes a good security question?
A good security question produces answers that are:
- Safe: cannot be guessed or researched
- Stable: does not change over time
- Memorable: can be remembered
- Simple: is precise, simple, and consistent
- Many: has many possible answers
See designing questions for more detail on the criteria.
Examples of Good, Fair, Poor Questions
What is the first name of the person you first kissed?
What is the last name of the teacher who gave you your first failing grade?
What is the name of the place your wedding reception was held?
What was the name of your elementary / primary school?
In what city or town does your nearest sibling live?
What time of the day were you born? (hh:mm)
What is your pet’s name?
In what year was your father born?
What is your favorite _____?
Why are some questions good, fair, or poor? The Full List of Security Questions below answers this.
Wait! Some GOOD Questions are Still BAD…
Even if a question is good, some people will not use it because it doesn’t work for them. Example: “What is the name of the place your wedding reception was held?” If I haven’t been married, I won’t use that question. So which GOOD questions will get used?
From over 175 questions I took the best and conducted a survey of which questions people would use. There are now over 350 responses. I also rated each question based on the 5 criteria above, ranked the questions, and provided rationale for each question. The results are included in the Full List of Security Questions.
The Full List of security questions can help you confidently select the best questions that people will actually use. The Full List includes:
- 40+ “good” questions from 175+ questions
- survey results (over 350 responses) showing which questions people will actually use (“I might use this question” or “I would NOT use this question”).
- ratings of questions based on the 5 criteria (safe, stable, memorable, simple, many).
- rationale for ratings and rankings
Why buy the Full List?
- Save time – you won’t have to hunt the internet for lists or check other registration forms
- Improve authentication – get the best possible questions that people will actually use
- Improve security – better questions are more secure and less likely to be compromised – protect your users and your website
- Reduce support calls – good questions are more memorable and accurate resulting in fewer fails
- Edit the list and enter your own ratings – download the spreadsheet to edit