The 10 Most Common Password Security Questions

Password security questions are meant to add a layer of security to online account logins. Still, with the advent of social media, the answers to the most common password security questions are increasingly easy for others to answer.

The integrity of these website security questions is also damaged because many people view them as more of a nuisance than an effective security measure.

According to Gartner Research, so-called self-service challenge questions can save companies between $51 and $147 for each password reset question handled through the web rather than by phone.

While it might save companies money to do this, it costs customers identity theft. It is easier for identity thieves to impersonate someone over the internet than even in a phone call, and customers who do not protect themselves are committing these types of crimes.

Identity thieves can use stolen personal information for more than just financial fraud. A correct guess to just one computer security question can give thieves the information they need to pose as someone else in person at a hospital or during a traffic stop.

The Most Common Security Questions

While it may seem like an extra step to get to your account when you’re in a hurry, login security questions should not be taken lightly. When you answer these ten most common security questions one or two at a time, it’s easy to overlook just how simple the answers are:

What Is your favorite book?
What is the name of the road you grew up on?
What is your mother’s maiden name?
What was the name of your first/current/favorite pet?
What was the first company that you worked for?
Where did you meet your spouse?
Where did you go to high school/college?
What is your favorite food?
What city were you born in?
Where is your favorite place to vacation?

Using questions like these, researchers at Microsoft and Carnegie Mellon (pdf) found that people with no knowledge of the person whose account they were hacking could guess the correct answer 15% of the time.

Think about it; most of these questions are topics discussed on a first date and are common material for social network profiles and updates.

How Identity Thieves Get The Answers to Your Computer Security Questions

You might think that you’re safe from having your computer security questions guessed if you limited the privacy setting of your social network updates to friends only, but did you also limit your profile information?

ID Analytics and Harris Interactive found that over 70 million adults publicly share their birthplace on their social network profiles.

Going even deeper, a 2010 survey by ID Analytics found that almost 20 million Americans have revealed their pets’ names on social networks.

But you wouldn’t share the answers to your security questions, right? Even if there are multiple security questions for a single login, a determined identity thief could do the following:

Find the answer to “Where did you go to high school/college?” on your LinkedIn
Viewing your Twitter feed, guess the answer to “What is your favorite food?”.
Look up the answer to “What is the name of the road you grew up on?” using a public records search – or find it on a forum or social network from an update you made about the Soap Opera Name Game, which would also reveal the name of your first pet.

With this information, identity thieves can unlock your account on virtually any website, from your social network to your online banking.

Not only can criminals with this type of access drain your bank account and ruin your credit history, but they can also pose as you in person. Consider the following true stories:

Malcolm Byrd was arrested repeatedly and fired from his job after a drug-dealing criminal posed as him during an arrest.
Anndorie Sachs was accused of giving birth to a child addicted to methamphetamine – two years after the birth of her last child.
Besouro Abdul Zagon was able to enter the U.S. using the identity of Donald Benjamin to obtain a passport, then obtained federal aid for himself and his family and citizenship for his children, who were born in Antigua.

To protect yourself, always choose the most difficult security questions offered. Avoid publicly sharing the answers to these questions, and think about masking your profile information on social networks.

Finally, consider choosing a fake answer to your security questions. An answer that is not true will be much harder for someone else to guess, but make sure you can remember it so that you are not locked out of your account.

Also, most antivirus software, including Bitdefender and Norton, offers a password manager as an added utility. So you no longer have to worry about remembering all your passwords.

These tools automatically store your passwords in a secure, encrypted vault, which means you do not need to enter your password over and over again.

Other dedicated password management tools are LastPass, BitWarden, and 1Password.