Since the LoginRadius Identity Platform requires you to define your own security questions, we wanted to give you some basic guidelines for creating good security questions.
What makes a good security question? The best security questions make it easy for legitimate customers to authenticate themselves without worrying about their account being infiltrated. ● If a question is too hard to answer due to complexity or changing circumstances, it can end up wasting your customer’s time—and ultimately, it may keep them locked out of their account. ● If the answer is too quickly researched or there are too few possible answers, it can be easy for an attacker to gain access by guessing correctly. You can minimize both of these outcomes by creating good security questions. According to the Good Security Questions website, answers to a good security question should meet these criteria: 1. 2. 3. 4. 5.
Safe: Cannot be guessed or researched. Stable: Does not change over time. Memorable: Can be remembered.
Simple: Is precise, easy, and consistent. Many: Has many possible answers.
