Answering This ‘Security Question’ Could Put You at Risk

It might be the biggest password breach ever…

Last week, magazine and blog publisher Time Inc. confirmed that a hacker stole usernames and passwords from more than 360 million accounts on the once-popular social media site MySpace.

For comparison, the big breach at social media site LinkedIn recently exposed more than 160 million accounts… while a hacker accessed 65 million passwords at Yahoo’s blog site, Tumblr.

It’s just another addition to a long list of hacks in recent years.

This is a good reminder of the importance of having a different password for each online service that you use. But even if you take this step, there’s a security “feature” that might actually put you more at risk…


If you’ve signed up for an account on many big commercial websites, you’ve probably been asked a few questions that seemed a little too personal…

Many websites ask extra “security questions” when you register. Like your first pet’s name, the color of your first car, or your mother’s maiden name. If you ever forget your password, the site can use these questions to verify your identity.

Here’s the problem: Instead of protecting your personal account information, they may be doing the exact opposite. The easier a question is to remember, the easier it is for a hacker to guess…

There are two main flaws with these questions.

First, the answers might be easy to guess. Cars only come in so many colors. For example, a popular security question is: “What is your favorite food?” According to research by Google, 19.7% of folks answer “pizza.”

Second, someone could use social media accounts or a quick online search to find out the information. The amount of information online today is incredible.

If you can – use “two-factor authentication” instead of answering security questions. Two-factor authentication requires your password plus another piece of information – like a code sent to your e-mail or mobile device associated with your account – to log in to a website.

And if a website requires you to use security questions, I recommend you create your own question… something that needs a detailed answer that someone can’t find online. Or if you can’t do that, give unrelated answers.

For example, if the question is “What was the color of your first car,” answer with something like “campingmelon” or – even more secure – a random sequence of letters, numbers, and symbols.

If you’re not able to remember the answers, you can write them down (just keep the paper secure) or use a password manager like LastPass. LastPass can even generate the answers for you. You can download the free basic program right here.

And if you’d like to learn more ways to protect your privacy online, be sure to read The Doctor’s Protocol Field Manual. Retirement Millionaire subscribers can read my book immediately right here. (If you’re not a subscriber yet, you can find out how to join by clicking here.)

What We’re Reading…