Best Practices with Security Questions

Continuing with our theme of best practices for identity theft protection and building on last week’s post on strong passwords, this week we highlight security questions. This post, too, is adapted from a recent post on OnGuard Online by Whitney Merrill, Legal Fellow, Division of Privacy and Identity Theft Protection, FTC.

If you forget your password, or sometimes just as an additional security step, many companies require you to answer security questions to regain access. Here are some tips to make sure an attacker can’t use your security questions as a way to get into your account:

  • Select security questions where only you know the answer. Many security questions ask for information available in public records or online, like your ZIP code, mother’s maiden name, or birthplace. That is information a motivated attacker can obtain.
  • Don’t use answers to security questions that can be guessed. An attacker can guess the answer to a security question that has a limited number of responses (dates, colors, states, countries). Avoid questions like “What state were you born in?” or “What color was your first car?” which allow an attacker to guess all possible answers.
  • Don’t give a generic answer to a security question. Choose an answer that you will remember but that is also more complicated than a generic word. For example, if the security question asks “What is your favorite childhood memory?” the answer “watching the Dodgers with my mom” is more secure than “baseball.”

For more on best practices when it comes to identity theft protection, please visit www.hvshred.com

A Refresher On Strong Passwords

Best practices for identity theft protection are a theme of our HV Shred Blog. A recent post on OnGuard Online by Whitney Merrill, Legal Fellow, Division of Privacy and Identity Protection, FTC, is a good refresher when it comes to password common sense.

When the time comes to create another password, be sure it is a secure one. A little extra attention when you create a strong password can prevent an attacker from getting access to your account.

Your password should be long, complex, and unique. Here are additional steps you can take to help create strong passwords and secure your accounts:

  • Avoid common words, phrases, or information. Don’t use information available to others like your birthday, phone number, or Social Security number. Attackers often use a dictionary of previously exposed passwords and information gathered from the internet to help them guess a password.
  • Change passwords quickly if there is a breach. Attackers who steal data from companies often obtain password information. If you receive a notification from a company about a possible breach, immediately change that password and the password on any account that uses a similar one.
  • Consider a password manager. Most people have trouble keeping track of all their passwords. Consider storing your passwords and security questions in a password manager, an easy-to-access application that allows you to store all your valuable password information in one place. Use a strong password to secure the information in your password manager.
