You know those “secret question” fields websites use to supposedly confirm your identity? Make sure you don’t give away the answers to them on social media.
Secret Questions, to be clear, are a terrible form of security. For the unfamiliar, some sites use questions like “What was your first pet’s name?” or “What street did you grow up on?” for password recovery. The idea is that no one could possibly answer these questions except for you.
Except that’s not true, because people give away answers to these questions all the time. As Brian Krebs points out, this is made even worse by a common social media “engagement” practice used by companies and popular Facebook pages: asking mundane questions, many of which line up with so-called “secret” questions quite well.
Here’s Krebs writing for Krebs on Security:
Social media sites are littered with seemingly innocuous little quizzes, games and surveys urging people to reminisce about specific topics, such as “What was your first job,” or “What was your first car?” The problem with participating in these informal surveys is that in doing so you may be inadvertently giving away the answers to “secret questions” that can be used to unlock access to a host of your online identities and accounts.
The full piece has all sorts of examples of this, so check it out for a laugh if nothing else. The point here: Secret Questions are a terrible tool for password recovery, and sites shouldn’t be depending on them for security in 2018. Many still do, however, so we recommend not volunteering the answers on social networks.
Even better: consider giving fake answers to sites that still ask for secret questions. You can store your fake answers in your password manager (and yes, you should be using a password manager if you’re not).