🌐
VeePN
veepn.com › home › best security questions: selection criteria and examples
Best Security Questions: Selection Criteria and Examples | VeePN Blog
May 21, 2025 - 1. Criteria for choosing good security questions 2. Basic types of secure questions 3. Recommendations for choosing the best security questions 4. Examples of efficient and inefficient security questions 5. What is the reason for the need to use a VPN? Entering correct security answers to your question helps protect your website from critical changes.
🌐
OWASP Cheat Sheet Series
cheatsheetseries.owasp.org › cheatsheets › Choosing_and_Using_Security_Questions_Cheat_Sheet.html
Choosing and Using Security Questions - OWASP Cheat Sheet Series
For example, asking for a first name or surname could result in a two letter answer such as "Li", and a colour-based question could be four letters such as "blue". Answers should also be checked against a denylist, including: The username or email address. The user's current password. Common strings such as "123" or "password". If the security questions are not used as part of the main authentication process, then consider periodically (such as when they are changing their passwords after expiration) prompting the user to review their security questions and verify that they still know the answers.
People also ask

What are the most common security questions?
Common security questions include: What’s your mother’s maiden name? What was the name of your first pet? What city were you born in? What’s your favorite color? What was your childhood nickname? What’s the name of the street you grew up on? What’s your father’s middle name? These are weak because the answers are often easy to guess or find online, making them less secure.
🌐
expressvpn.com
expressvpn.com › home › blog › tips & tricks › security questions: common concerns, best practices & tips
Security questions: Strengths and weaknesses
Why Are Common Security Questions a Problem?

The problem with these security questions (and with our answers) is that they become a liability when the results are leaked online, such as through a data breach, or become public knowledge. Why? Because many (in fact, thousands) of sites potentially use identical security questions. The variation from site-to-site is low, and questions for each user frequently, and inevitably, overlap across their many accounts. This standardization of security questions creates a substantial, but unnecessary, risk.

🌐
beyondtrust.com
beyondtrust.com › home › resources › blog › 10 common security questions--and the tips & tricks to mitigate their threat
How Common Security Questions Can Pose a High Risk | BeyondTrust
What are examples of some common security questions?
  • In what city were you born?
  • What is the name of your favorite pet?
  • What is your mother's maiden name?
  • What high school did you attend?
  • What is the name of your first school?
  • What was the make of your first car?
  • What was your favorite food as a child?
  • Where did you meet your spouse?
🌐
Okta
okta.com › blog › identity security
Security Questions: Best Practices, Examples, and Ideas | Okta
Security questions are a common method of identity authentication—but are they secure? Learn the best practices, examples of good security questions, and more.
🌐
Full Scale
fullscale.io › blog › best-security-questions
Best Security Questions for Robust Protection (Examples)
Discover all the latest in technology, trends, innovation, IT news, hot skills, and culture from Full Scale's official blog.
🌐
BeyondTrust
beyondtrust.com › home › resources › blog › 10 common security questions--and the tips & tricks to mitigate their threat
How Common Security Questions Can Pose a High Risk | BeyondTrust
November 20, 2024 - This will help limit the fallout and compromise of other accounts if the security question/answer is ever leaked. This is especially important for public figures whose history may be a part of public record or biographies posted on websites. For example, we all know the city our favorite musician or actor was born in, right? 2. Use Special Characters in Your Answers: Do not answer security questions in plain English (or your native language).
🌐
Uah
libguides.uah.edu › onlinesafety › securityquestions2fa
Security Questions and 2FA - Online Safety, Security, and Privacy - LibGuides at University of Alabama Huntsville
Security questions are a form of ... where the answers would be something memorable to the user. Common questions include prompts about pets, street names, family questions, and favorites....
🌐
Keeper Security
keepersecurity.com › home › security question and answer best practices
Security Question and Answer Best Practices
May 17, 2024 - Security questions are commonly used by websites and apps to verify your identity, typically as a backup during password recovery. These questions ask for personal information, such as your mother’s maiden name or the name of your first childhood pet, to confirm you are who you claim to be. However, since the answers to some security questions can be found online or are easy to guess, it’s important to follow best practices: choosing questions only you can answer, making your answers complex or unrelated to the actual question and avoiding reusing the same questions/answers across multiple accounts.
🌐
ExpressVPN
expressvpn.com › home › blog › tips & tricks › security questions: common concerns, best practices & tips
Security questions: Strengths and weaknesses
March 31, 2025 - They typically ask personal questions like “What was the name of your first pet?” or “What city were you born in?” The idea is that you’re the only one who knows the answer...
Find elsewhere
🌐
Infosec Institute
infosecinstitute.com › resources › general-security › security-question-and-answer-tips
Security question and answer tips | Infosec
These innocuous-seeming queries could be a weak link that could impair the usefulness of even the most secure passwords. ... Get 12 cybersecurity training plans — one for each of the most common roles requested by employers. ... This article provides tips on creating questions and answers to help you keep your accounts secure.
🌐
NordVPN
nordvpn.com › blog › security-questions
How to choose the best security questions | NordVPN
May 7, 2025 - Good security questions for recovering a user’s current password should meet the following characteristics: Memorable. The answer to the question should immediately pop into your head, even if you’re logging in two years after you first created the account. Don’t make it the song you listened to on repeat 10 years ago, and make sure it’s a fixed answer.
Top answer
1 of 8
29

Why not allow the user to enter their own security question?

The question itself doesn't matter, it's only there to jog the memory of the user. If you let the user type their own question, they would be more likely to remember the answer and you don't have to try and think of a lot of different questions to cover all situations a user might be in (i.e., they never had a pet, don't know mother's maiden name, etc.).

2 of 8
11

I'm taking this answer directly from goodsecurityquestions.com website, as referenced on the Security StackExchange site.

The term "security questions" is a misnomer. Security questions create a potential hole or breach in security by providing ways for unauthorized users to gain access if the answer can be discovered. Hopefully, security experts will find better ways of retrieving forgotten passwords or verifying identification during login, but until then security questions will likely prevail.

Thus, security questions have both benefits and liabilities. Poor questions create security breaches and confusion and cost money in support calls. Good security questions can be useful in the current environment, but are not common.

However, there really are NO GOOD security questions; only fair or bad questions. "Good" gives the impression that these questions are acceptable and protect the user. The reality is, security questions present an opportunity for breach and even the best security questions are not good enough to screen out all attacks. There is a trade-off; self-service vs. security risks.

Social networking sites (Facebook, MySpace, Twitter, personal blogs, LinkedIn) are creating more of a risk for security questions. People are generously telling all about themselves, their history, likes, favorites, and more. It is easier now to find information on people.

But to actually answer your question, that site provides a list that they say are better than others that meet the criteria of:

Good security questions have four common characteristics. The answer to a good security question:

  1. cannot be easily guessed or researched (safe),
  2. doesn't change over time (stable),
  3. is memorable,
  4. is definitive or simple.

And those questions are:

  • What was your childhood nickname?
  • In what city did you meet your spouse/significant other?
  • What is the name of your favorite childhood friend?
  • What street did you live on in third grade?
  • What is your oldest sibling’s birthday month and year? (e.g., January 1900)
  • What is the middle name of your oldest child?
  • What is your oldest sibling's middle name?
  • What school did you attend for sixth grade?
  • What was your childhood phone number including area code? (e.g., 000-000-0000)
  • What is your oldest cousin's first and last name?
  • What was the name of your first stuffed animal?
  • In what city or town did your mother and father meet?
  • Where were you when you had your first kiss?
  • What is the first name of the boy or girl that you first kissed?
  • What was the last name of your third grade teacher?
  • In what city does your nearest sibling live?
  • What is your oldest brother’s birthday month and year? (e.g., January 1900)
  • What is your maternal grandmother's maiden name?
  • In what city or town was your first job?
  • What is the name of the place your wedding reception was held?
  • What is the name of a college you applied to but didn't attend?
  • Where were you when you first heard about 9/11?
🌐
Simplilearn
simplilearn.com › home › resources › cyber security › cyber security tutorial: a step-by-step guide › top cybersecurity interview questions and answers for 2026
Top Cybersecurity Interview Questions and Answers for 2026
February 18, 2021 - Explore essential Cybersecurity Q&A: key concepts, real-world scenarios, and expert insights for aspiring professionals and interview preparation. Read Now!
🌐
Uninet
uninets.com › blog › network-security-interview-questions
Top 68 Network Security Interview Questions and Answers
September 17, 2024 - ... Basic security questions often include inquiries about password policies, access controls, encryption methods, incident response plans, and measures for protecting sensitive data from unauthorized access or breaches.
🌐
GeeksforGeeks
geeksforgeeks.org › ethical hacking › cyber-security-interview-questions
Top 60 Cyber Security Interview Questions and Answers (2025) - GeeksforGeeks
October 29, 2025 - The name only indicates that it is a virtual "private network". A user may be part of a local area network at a remote location. Create a secure connection using a tunnelling protocol.
🌐
Edureka
edureka.co › blog › interview-questions › cybersecurity-interview-questions
Top 50 Cyber Security Interview Questions and Answers in 2025
April 16, 2025 - Below are different types of network security for various aspects that might make communication easier. i) Firewall security: This type of security monitors and inspects network traffic as it enters or leaves a network. ii) Intrusion Detection System (IDS): It checks network traffic to identify any suspicious activity that may breach the pre-defined strategies implemented by an organization. Intrusion prevention systems are systems put in place to keep suspicious activities off the network. iii) Virtual Private Networks (VPNs) provide protection for unsafe connections over the internet.
🌐
Quora
quora.com › What-are-the-most-common-security-questions-to-retrieve-a-users-password
What are the most common security questions to retrieve a user's password? - Quora
Answer (1 of 14): Security questions are gradually going away as new and better authentication systems come into play. Meanwhile, many online tools are still using security questions to retrieve credentials or verify identity. There are a lot of security questions, most are bad and shouldn’t be u...
🌐
FinalRoundAI
finalroundai.com › blog › cyber-security-interview-questions
25 Essential Cyber Security Interview Questions and How ...
Here are some essential interview questions to help you prepare for your next cyber security interview: ... Explain the difference between symmetric and asymmetric encryption.
🌐
Guru99
guru99.com › home › ethical hacking › cyber security › top 100+ cyber security interview questions and answers
Top 100+ Cyber Security Interview Questions and Answers
July 10, 2024 - Following are frequently asked questions in interviews for freshers as well as experienced cyber security certification candidates. 1) What is cybersecurity? Cybersecurity refers to the protection of
🌐
LoginRadius
loginradius.com › home
Best Practices for Choosing Good Security Questions
January 31, 2019 - If the question and answer have a school name or location too, such information is easily available for attackers. You can minimize both of these outcomes by creating good security questions.