Okta
okta.com › blog › identity security
Security Questions: Best Practices, Examples, and Ideas | Okta
Security questions are a common method of identity authentication—but are they secure? Learn the best practices, examples of good security questions, and more.

What are examples of some common security questions?
  • In what city were you born?
  • What is the name of your favorite pet?
  • What is your mother's maiden name?
  • What high school did you attend?
  • What is the name of your first school?
  • What was the make of your first car?
  • What was your favorite food as a child?
  • Where did you meet your spouse?
beyondtrust.com
beyondtrust.com › home › resources › blog › 10 common security questions--and the tips & tricks to mitigate their threat
How Common Security Questions Can Pose a High Risk | BeyondTrust
Why Are Common Security Questions a Problem?

The problem with these security questions (and with our answers) is that they become a liability when the results are leaked online, such as through a data breach, or become public knowledge. Why? Because many (in fact, thousands) of sites potentially use identical security questions. The variation from site-to-site is low, and questions for each user frequently, and inevitably, overlap across their many accounts. This standardization of security questions creates a substantial, but unnecessary, risk.

Are security questions still effective?
While they can be useful, security questions are most effective when paired with other methods like two-factor authentication.
Full Scale
fullscale.io › blog › best-security-questions
Best Security Questions for Robust Protection (Examples)
Discover all the latest in technology, trends, innovation, IT news, hot skills, and culture from Full Scale's official blog.
VeePN
veepn.com › home › best security questions: selection criteria and examples
Best Security Questions: Selection Criteria and Examples | VeePN Blog
May 21, 2025 - Within the framework of this article, it seems appropriate to give examples of security questions, dividing them into two categories: efficient and inefficient. Study each carefully and decide on the best questions already today. What was your childhood best friend’s nickname? In which city did your parents meet? What’s your neighbor’s last name? How many pets did you have at 10 years old?
OWASP Cheat Sheet Series
cheatsheetseries.owasp.org › cheatsheets › Choosing_and_Using_Security_Questions_Cheat_Sheet.html
Choosing and Using Security Questions - OWASP Cheat Sheet Series
Security questions fall into two main types. With user defined security questions, the user must choose a question from a list, and provide an answer to the question. Common examples are "What is your favourite colour?" or "What was your first car?"
Ntiva's Help Center
support.ntiva.com › hc › en-us › articles › 10303992796173-10-Security-Questions-Your-Organization-Should-Be-Asking
10 Security Questions Your Organization Should Be Asking – Ntiva's Help Center
Do you provide periodic anti-fraud and security training to employees? Social engineering is another common way attackers gain access to corporate networks and systems.
BitGlint
bitglint.com › best-security-questions-all-you-need-to-know
Top 40 Best Security Questions: All You Need to Know - BitGlint
– Choose a less common favorite dish to make it harder to guess. 7. What was the model of your first car? – A typical security question that’s not easily guessed. 8. What is your mother’s middle name? – This can be secure if not shared publicly. 9. Where did you go for your first vacation? – Use a specific location that’s not prominently mentioned on social media. 10.
Published December 13, 2024
Quora
quora.com › What-are-common-password-security-questions-and-how-might-hackers-obtain-the-answers
What are common password security questions, and how might hackers obtain the answers? - Quora
Answer (1 of 26): Common security questions are used as an extended security feature to trigger out the memory of a person, what is your mother's maiden name? But these questions are affecting differently. In 2008, a 20-year-old college student hacked the Yahoo! email account for then vice-presi...
Passwordhero
passwordhero.com › blog › good-and-bad-security-questions-to-use-online-with-examples
Good and Bad Security Questions to Use Online (with Examples)
Security questions might seem simple, but they can pose significant risks if not chosen carefully. The main issue lies in their predictability. Common questions like “What is your favorite color?” or “Where were you born?” can often be answered through a quick internet search or by browsing your social media profiles.
NordVPN
nordvpn.com › blog › security-questions
How to choose the best security questions | NordVPN
May 7, 2025 - Good security questions for recovering a user’s current password should meet the following characteristics: Memorable. The answer to the question should immediately pop into your head, even if you’re logging in two years after you first created the account. Don’t make it the song you listened to on repeat 10 ...
Stumble Forward
stumbleforward.com › home › scams & identity theft › the 10 most common password security questions
The 10 Most Common Password Security Questions
February 7, 2024 - While it may seem like an extra step to get to your account when you’re in a hurry, login security questions should not be taken lightly. When you answer these ten most common security questions one or two at a time, it’s easy to overlook just how simple the answers are:
Heyiris
heyiris.ai › blog › 10-common-security-questions-answers
10 Common Security Questions & Answers: Best Practices | Iris AI
1 week ago - A good security question should have an answer that is secret, memorable to you, and stable over time. Let's walk through ten of the most common questions you'll see and break down why they often fall short of that standard, leaving your accounts more vulnerable than you think.
Uah
libguides.uah.edu › passwords › securityquestions
Security Questions - Passwords, Two-Factor Authentication, and Security Questions - LibGuides at University of Alabama Huntsville
This guide goes into more detailed looks at passwords, password managers, and two-factor authentication. An overview of security questions and their problems.
Staffbase
staffbase.com › home › blog › employee app › 10 security questions to answer for your internal communications app
10 Security Questions To Answer For Your Internal Communications App | Staffbase
August 27, 2025 - Your app/provider should know about them and be able to deal with them. The applications you use should be protected against common risks in Web applications, such as CSRF, SQLi, and XSS. Choose an app that either allows you to do penetration tests or that offers up old penetration tests results. ... 10.
Top answer
1 of 8
29

Why not allow the user to enter their own security question?

The question itself doesn't matter, it's only there to jog the memory of the user. If you let the user type their own question, they would be more likely to remember the answer and you don't have to try and think of a lot of different questions to cover all situations a user might be in (i.e., they never had a pet, don't know mother's maiden name, etc.).

2 of 8
11

I'm taking this answer directly from goodsecurityquestions.com website, as referenced on the Security StackExchange site.

The term "security questions" is a misnomer. Security questions create a potential hole or breach in security by providing ways for unauthorized users to gain access if the answer can be discovered. Hopefully, security experts will find better ways of retrieving forgotten passwords or verifying identification during login, but until then security questions will likely prevail.

Thus, security questions have both benefits and liabilities. Poor questions create security breaches and confusion and cost money in support calls. Good security questions can be useful in the current environment, but are not common.

However, there really are NO GOOD security questions; only fair or bad questions. "Good" gives the impression that these questions are acceptable and protect the user. The reality is, security questions present an opportunity for breach and even the best security questions are not good enough to screen out all attacks. There is a trade-off; self-service vs. security risks.

Social networking (Facebook, MySpace, Twitter, personal blogs, LinkedIn) is creating more of a risk for security questions. People are generously telling all about themselves, their history, likes, favorites, and more. It is easier now to find information on people.

But to actually answer your question, that site provides a list that they say are better than others that meet the criteria of:

Good security questions have four common characteristics. The answer to a good security question:

  1. cannot be easily guessed or researched (safe),
  2. doesn't change over time (stable),
  3. is memorable,
  4. is definitive or simple.

And those questions are:

  • What was your childhood nickname?
  • In what city did you meet your spouse/significant other?
  • What is the name of your favorite childhood friend?
  • What street did you live on in third grade?
  • What is your oldest sibling’s birthday month and year? (e.g., January 1900)
  • What is the middle name of your oldest child?
  • What is your oldest sibling's middle name?
  • What school did you attend for sixth grade?
  • What was your childhood phone number including area code? (e.g., 000-000-0000)
  • What is your oldest cousin's first and last name?
  • What was the name of your first stuffed animal?
  • In what city or town did your mother and father meet?
  • Where were you when you had your first kiss?
  • What is the first name of the boy or girl that you first kissed?
  • What was the last name of your third grade teacher?
  • In what city does your nearest sibling live?
  • What is your oldest brother’s birthday month and year? (e.g., January 1900)
  • What is your maternal grandmother's maiden name?
  • In what city or town was your first job?
  • What is the name of the place your wedding reception was held?
  • What is the name of a college you applied to but didn't attend?
  • Where were you when you first heard about 9/11?
Draftable
draftable.com › home › blog › 10 security questions you should be asking your legal tech vendors
10 security questions you should be asking your legal tech
December 20, 2024 - The key is asking 10 crucial questions. First, confirm ISO 27001 compliance, ensuring vendors meet international security standards. Additionally, verify they have cybersecurity insurance, providing financial protection against breaches.
Rippling
rippling.com › blog › security-questions
Security Questions: Risks, Best Practices, & Safe Alternatives
Cons: These may be hard to remember because tastes change over time, and answers are often too common or easily guessable. These questions ask about specific experiences, such as "Where did you go on your honeymoon?" or "What was the make of your first car?" Pros: They tend to be more secure than preference questions because the answers are factual and less likely to change.
Quora
quora.com › What-are-the-most-common-security-questions-to-retrieve-a-users-password
What are the most common security questions to retrieve a user's password? - Quora
Answer (1 of 14): Security question are gradually going away as new and better authentication systems come into play. Meanwhile, many online tools are still using security questions to retrieve credentials or verify identity. There are a lot of security questions, most are bad and shouldn’t be u...
Infosec Institute
infosecinstitute.com › resources › general-security › security-question-and-answer-tips
Security question and answer tips | Infosec
Getting to know you (for password purposes) How many times have you forgotten your password and were asked to answer security questions? This is currently o