What makes a good security question? A good security question produces answers that are:
- Safe: cannot be guessed or researched
- Stable: does not change over time
- Memorable: can remember
- Simple: is precise, simple, consistent
- Many: has many possible answers
Examples of Good, Fair, Poor Questions
What is the first name of the person you first kissed?
What is the last name of the teacher who gave you your first failing grade?
What was the name of your elementary / primary school?
In what city or town does your nearest sibling live?
What time of the day were you born? (hh:mm)
What is your pet’s name?
In what year was your father born?
What is your favorite _____?
Wait! Some GOOD Questions are Still BAD…
Even if a question is good, some people will not use it. Example: name of the place your wedding reception was held – but I haven’t been married?!
Which questions get used? I conducted a survey of which questions people would use. I also rated each question based on the 5 criteria above and provided rationale for each question. The results are included in the Full List of Security Questions.
Full List of Security Questions
The Full List of security questions can help you confidently select the best questions that people will actually use. The Full List includes:
- 40+ “good” questions from 200 questions
- survey results (over 350 responses) showing which questions people will actually use (“I might use this question” or “I would NOT use this question”).
- ratings of questions based on the 5 criteria (safe, stable, memorable, simple, many).
- rationale for ratings and rankings
Get the Full List for $19.50 USD
After PayPall payment, if you don’t immediately have a link to the Google sheet, please contact me.
Pay with Bitcoin, Bitcoin Cash, Ethereum, or Litecoin. But be sure to contact me so I can send you the Full List.
Why buy the Full List?
- Save time – you won’t have to search for questions
- Improve authentication – best questions that people will actually use
- Improve security – better questions are less likely to be compromised
- Reduce support calls – good questions are more memorable resulting in fewer fails
- Edit the list – add, edit, rate your own questions