It has to be consistent, to match the answer you always give to that question… every single time. No exceptions.
Companies, websites, government offices use Security Questions to verify you are you. That’s all.
They’re looking for matching information–truthful is optional. Your answers have to match original answers you gave them. So make sure your answers match.
A flustered agency rep recently argued my doing that, using an unconventional answer. I told him it didn’t have to be accurate to protect me, to verify that he was really talking to the owner of that account! Lots of information on us is searchable these days. So using an answer that’s not so searchable is more secure. Why would he think a truthful answer was for my benefit. A consistent, made-up answer, though, makes a lot more sense.
Like all those passwords we need everywhere, a system of keeping track is a good idea.
Have a System
Make yourself a list of most-common security questions and [your security] answers to them. Remember, be consistent whenever you answer that question. They don’t need your backstory or obscure details of your life to verify it’s you. Crazy answers to those questions–that you chose and gave them–are a lot less likely to be ‘found out’ than truthful ones. Matching is the key. Some fake-answer, fun examples:
- Q: Your favorite restaurant? A: lakeview
- Q: Make of your first car? A: metal
- Q: Your school mascot? A: big bird
- Q: Name of your first pet? A: rock
- Q: Name of school attended? A: high school
You probably have a document for recording your passwords; add a column for security answers you gave for their security questions.
Need to Know, Nosy, Personal
Thirty years of working with private, legal, confidential, and personal information means my radar goes up when someone is asking for information that’s none of their business; information they don’t need and is not required for their ability to provide a service I’m requesting.
A bank does not need to know where I went to grade school to set up my checking account. Google does not need to know my real birth date to set up an account–the year maybe, not the rest. And never give both your social security number and birth date together, EVER! (Corporate employee seminar on identity theft, provided by police detective field officer.) Including employment applications. Leave them blank until there’s and interview and an offer is made, which will be contingent on a criminal records check. Until then, they don’t need your social security number.
Just because there’s a blank line doesn’t mean you have to fill it in. And if they insist, make something up or try one of these: unknown, no idea, whatever, no answer, provided after interview.
Ask yourself, “Do they need to know this detail to provide the service I’m requesting?” Trust your spam radar. If it feels invasive, nosy, suspicious, hold off with providing information.
It can wait
Very few paperwork things require immediate attention, especially online. If you’re unsure or uncomfortable giving information, find a live person there to talk to. There are workarounds most times. And if there’s not, it’s okay to walk away, find an alternative. Or if it’s a nosy, none-of-your-business, or ID-security-risk-for-YOU kind of question, give an answer that may or may not be truthful.
I don’t generally suggest lying; it goes against the values of honesty, integrity, trustworthiness. So, two suggestions:
- Make your security answers coded or partial pieces of truth; i.e. your real school mascot was an eagle; your security answer might be big bird. It’s true, and it’s a secure answer; no one else knows you gave that as your answer, and it’s not searchable anywhere.
- Use partial information, i.e. first 4 digits or last 5 digits of social security number and fill in zeros for the rest, or use first or last day of year you were born. (It can be corrected later, if need be. Lots of people make typos by mistake all the time. Software is made to be correctable by someone. They’re used to this!)
Take care, enjoy!
Anne Wondra – WonderSpirit