Why You Should Lie When Setting Up Password Security Questions, over at the Techlicious site, makes me seriously consider whether the use of security questions — and the answers that we provide — should be re-evaluated. The 2018 article emphasizes the lack of security and privacy in our lives, and it notes that by giving responses that describe our personal lives we provide virtual keys that can open doors to potential identity theft problems.
Like a lot of people in the educational technology field, I spent a good deal of time helping 21st Century children understand the importance of not lying, especially about their ages. I encouraged them not to engage in anonymous activities, and I counseled them to avoid sharing made-up information, gossip or innuendo via social media.
It may be necessary, however, to make the security question process less personal and to teach children to do the same. Perhaps the original intent of asking us to answer questions about our lives was to ensure that our answers would be easy to remember. Now, however, with so many break-ins to massive databases and with apps downloading our cell phone data while we sleep, it’s past time to re-evaluate our responses to security questions.
A goal, early on, was for our answers to help when we forgot passwords, but with the advent of secure password managers that store our information (and often accessed with a fingerprint or two-step authentification), we should, perhaps, rethink our responses to these security questions. The Techlicious article suggests that we make up a set of unrelated answers, thereby protecting our personal data.
Bottom line? We are not lying when we answer security questions with more secure information that shares less about our lives.
Now, what do we say to kids about making things up?