When creating a new account (social media, banking, or anything else!), a website will often prompt you to create answers to security questions. The questions are designed to help you recall information that is easy to remember, but also, unfortunately, easy to guess!
For the most part, we are taught and in turn teach our children not to lie. In most cases, that’s great – honesty is the best policy! But sometimes, as in the case of passwords and answers to security questions, honesty can also be a risk. If a “bad guy/gal” wants to get your password, they can possibly answer their way into your most private websites and reset security questions with answers that might be easily found on social media, news or elsewhere online. It’s important to ask when deciding on answers, can anyone determine the names of your pets, your school, or your favorite color or food from looking at your social media profiles or posts? If the answer is yes, you might be in trouble. When it comes to cyber security and defending against social engineering, sometimes it can actually be appropriate or even recommended to lie about the possible answers to security questions – so long as you are able to remember what you’ve lied about, and in turn, do so consistently (use a password manager to store your made up answers).
This is a great learning opportunity for families to talk about being clever when choosing security questions and their answers. Kids might not think twice about choosing “What is your street address (number)?” because they know they’ll remember it. This is when it’s good to remind them that by using information personal to themselves and the family, they might be putting themselves at risk for exploitation. Someone might be pretending to be them, for example, or they might be using that information to access other information with more serious implications – so it’s all around better to avoid giving anyone (website or otherwise) an easy in.
There are two recommended options to stay away from this – the first is to try using false but similar information. This lie could be something related to a truth; for example, if the question is “What high school did you go to?” and the actual answer is “Jefferson High School”, you might try “Washington.” Similar, and easy enough to remember, but not true.
Another option is to assume that regardless of what question you choose, you will always choose answers that you can consistently remember but that are unrelated to the question – for example, “Tangerine” and “Soda”. Then, when responding to “What is your mother’s maiden name?” and “Where did you go to high school?” and the answers are “Tangerine” and “Soda” respectively, the thing you have to remember becomes much easier – plus, anyone scoping out this information will get thrown off the trail.
Of course, there are a number of issues with this approach that should be discussed with your family when deciding whether or not to use lies in the aforementioned ways. The first issue is that if you use the same words as answers to all questions, and those words are figured out, then you might end up in the same situation as if you told the truth – someone can figure it out! The second issue is that it can be hard to remember a lie. If you started answering site questions honestly, and then switched to lying, then you may not remember which one is which! The result can be very frustrating, especially when a site does not give you multiple tries to answer the security questions correctly.
More than anything, kids and adults alike should remember the gravity of using personal information online. Even tools that appear to be helpful, like security questions, can be leveraged by the wrong people. By having a plan to answer security questions, you can keep yourself protected. Of course, there’s always the wildcard option: use an answer like “Supercalifragilisticexpialidocious” for everything – as long as you can remember how to spell it 😉
Savvy Cyber Kids educates and empowers digital citizens, from parents and grandparents, to teachers and students. Sign up for our free resources to help you navigate today’s digital world with cyber ethics. See more cyber safety and cyber ethics blogs produced exclusively for EarthLink. Looking for a social media parental control? Try a 30-day free trial of Bark. If you sign up after your trial, Bark donates 25% of your monthly fee to Savvy Cyber Kids.
Thank you to the Savvy Cyber Kid’s sponsors!
Interested in becoming a Savvy Cyber Kids sponsor? Email Ben Halpert.