Definition

website security question

Ivy Wigmore, Content Editor

An internet security question is a backup measure used to authenticate the user of a website or an application in the event that they have forgotten their user name and/or password. Theoretically, a security question is a shared secret between the user and the website.

Because many security questions have answers that can easily be found online with just a little research, they are often criticized for making user accounts vulnerable to attack. Security expert Bruce Schneier referred to website security questions as an “easier-to-guess low-security backup password that sites want you to have in case you forget your harder-to-remember higher-security password.”

A security question should have the following characteristics:

The answer should not be available online.
The question and answer should be simple.
They should be about something memorable to the user.
The answer shouldn’t be anything that might change over time.
There should be many possible answers to the question.

Alternatives to website security questions include two-factor authentication.

This was last updated in January 2018

Continue Reading About website security question

Setting up ID and password recovery

Your mother's maiden name is not a secret

Alternatives to password-reset questions tackle social networking cons

Good security questions and better answers

Continue Reading About website security question

Related Terms