We hear a lot of discussion about secure passwords, but now people are wondering whether we should pay more attention to the answers we give for security questions.
The article Why You Should Lie When Setting Up Password Security Questions, over at the Techlicious site, makes me wonder whether security questions — and the answers that we provide — should be re-evaluated. The article emphasizes the lack of security and privacy in our lives, and notes that by giving answers to security questions that describe our personal lives we set ourselves up for potential identity theft problems when hacks do occur.
Like a lot of people in the field of educational technology, I spent a good deal of time helping 21st Century children understand the importance of not lying, especially about their ages, and also about not engaging in anonymous activities or sharing gossip via social media (both of which frequently involve untruths).
It may be necessary, however, to make our answers to security questions less personal and to teach children to do the same. Perhaps the original intent of asking us to answer questions about our lives was to ensure that our answers would be easy to remember. Now, however, with the advent of secure password managers that store our information (and often be accessed with a fingerprint) we can rethink how we answer these questions. One suggestion is for a person to make up a set of answers to security question that do not share personal data.
Bottom line? We are not lying when we answer security questions with more secure information that shares less about out lives.
Now, what do we say to kids?