Here’s a scenario.
You’ve forgotten your password, so the site asks you to answer a “security question.”
What’s your mother’s maiden name? Your first pet? The street you grew up on? Easy enough to remember, right?
Here’s the problem:
If you reuse the same answers across accounts, or if those details are easy to find, hackers can stroll right through the front door.
Why Security Questions Are Weak
• Many answers are publicly available on social media or public records.
• People often reuse the same answers everywhere, making them predictable.
• They rarely change — unlike passwords, which can be updated.
• Hackers can guess or brute-force simple answers like “Fluffy” or “Smith.”
Real Example
Back in 2008, a hacker gained access to US politician Sarah Palin’s email by answering her security questions with publicly available information. It showed just how weak and guessable these “extra protections” can be.
Do This Today
- Use fake answers
Treat security questions like passwords — make the answers unpredictable (and store them in a password manager).
- Avoid real personal info
If the question is “mother’s maiden name,” don’t actually use it. Hackers can look that up.
- Don’t reuse answers
Mix it up across accounts so one breach doesn’t unlock them all.
- Enable stronger recovery options
Where possible, use 2FA or recovery codes instead of relying on security questions.
- Audit old accounts
If they still rely on security questions, update or replace them with stronger protections.
Key Takeaway
Security questions often aren’t very secure. Reusing the same answers makes it even easier for hackers to break in. Fake it, mix it up, and don’t rely on them as your only defence.
At The Cyber Workshop, our Awareness Workshops explain these hidden weaknesses and show you smarter ways to protect your accounts without adding hassle.
Till next time,
Don’t make it easy — the best answer to a security question is one only you (and your password manager) know.