Your mother’s last name, your partner’s name, some numbers that mean something to you, and the symbols to finish making your passwords indecipherable… Choosing the password for our tools, services or digital sessions is the first act that puts up a barrier between your data and cybercriminals. But many people trust the “security questions” that some operating systems like Windows have. In these cases, it is a serious mistake to enter truthful information, even if it is to recover the real password you entered. Discover the reasons why using security questions is not recommended in certain cases.
With the aim of easily recovering passwords, Microsoft and other companies launched the popular “security questions.” By putting a series of questions and the answers, we could recover the password to access the system or service, without needing to take further steps. Although at first this may seem very safe, because we have to answer several questions, the truth is that it is not the most recommended.
What are security questions?
You’ve probably come across questions like “What’s the name of your first pet?” or “What street did you grow up on?” when you try to recover a forgotten password. These questions are called password hints, which were originally designed to help you remember your passwords if you forgot them. The idea is that it is data that only you know. However, at present, these methods are more vulnerable than useful.
Password hints may seem harmless, but they actually open a door for attackers to access your accounts. Because? Because the information they usually ask for is relatively easy to obtain. Nowadays, many personal details, such as the name of your pet or the street where you grew up, are available on social networks. We often share this information without much thought. And, of course, a cybercriminal could use it to guess your security answers and access your accounts.
Think about it: even with a simple conversation or a quick search on your public profiles, someone could find out this data. You don’t need to be an expert hacker to achieve this. Therefore, password hints do not add any layer of security, on the contrary, they are a major vulnerability.
How to protect yourself without depending on these questions
The easiest solution is to stop using these security questions. If a platform forces you to set one up, I recommend using a random, meaningless answer, something that has no relation to you, such as a second password combining letters, numbers, and symbols. Of course, if you are afraid of forgetting it, you can save it in a safe place such as a container encrypted with VeraCrypt. But, ideally, you should rely on more secure tools to manage them, such as a password manager and even a second authentication factor.
Use a password manager
Nowadays, password managers are your best allies. These programs generate strong passwords, store them, and automatically fill them in when you need them. So you don’t have to worry about remembering your passwords or using security tips. Apps like LastPass, Bitwarden, or 1Password are great options to ensure your passwords are unique and secure.
Activate two-step authentication (2FA)
Another highly recommended security measure is two-factor authentication, also known as 2FA. This means that in addition to your password, you need a second verification method, such as a code that is sent to your mobile. Even if someone gets your password, they won’t be able to access your account without that second factor. Platforms such as Google, Facebook and many more already allow you to activate this option.
For all this, security questions and answers may seem like a good idea to recover your password, but in reality they are a trap that makes it easier to access your accounts. It’s time to update your security practices and opt for more reliable alternatives, such as password managers and two-factor authentication. This will better protect your personal information and reduce the risk of your accounts being hacked. Internet security starts with small decisions.
