ArtsAutosBooksBusinessEducationEntertainmentFamilyFashionFoodGamesGenderHealthHolidaysHomeHubPagesPersonal FinancePetsPoliticsReligionSportsTechnologyTravel

How To Pick Smart Answers To Your Security Questions

Updated on April 1, 2022

By Rachael O'Halloran

Published September 8, 2014

This article will discuss suggestions for answers to password security questions and identity verification security questions, which serve different purposes.

Materials Required To Benefit From This Article

  • Pen
  • Notebook from the Dollar Store
  • An Open Mind
  • Common Sense
  • A Sense of Humor

Are you giving a hacker the answers to your "identity" security questions?


For online security questions like the ones in the above screenshot ...

Do you lie or do you tell the truth when you give the answer?

See results

Your Passwords Should Be Unique

Password Security Questions

Before I get into how to pick your security questions and answers, I want to get a little housekeeping out of the way and discuss how easy it is for a hacker to learn your password just from your Password Reminder Question.

This question is not the same as your Identity Verification Security Question that verifies your identity. That is a separate screen and usually a different question - or it should be.

Some of this has been covered in my other article about How To Create The Best Passwords Hackers Hate but in case you haven't read that one, this is a little recap.

Password Security Questions are meant to give you a clue as to what you chose as your password. The answer can't be your actual password; it should just steer you in the right direction so you'll remember what the password could be. I like to choose location password answers that have nothing to do with the question, just to tick off a hacker.

Scenario: You are on Site ABC, you already chose a password (with or without using sentence method), and you wrote it down on a page of your Notebook. Now, choose ANY security question - doesn't really matter which one - and make the answer the page number in the Notebook.

Example: Question: What is your the name of your favorite teacher?

Answer: Pagetwoin Notebook (should have a space so it looks like a real name).

Answer translation: Page Two In Notebook - On page two, you should find the password or password sentence you used for that site and the manner in which you wrote it -i.e. the sequence of letters, numbers, symbols, special characters.

If your password is easy for you to remember, then it may be easy for a hacker to get. It is best to make your password so hard that even you have to look it up each time.

  1. Always use a different password for each site.
  2. Don't reuse! Passwords should not be recycled.
  3. Never click SAVE on those "Remember Password" popups. These programs are a gold mine to a hacker.


If you talk, your account walks

If you comment on someone's Facebook page/wall and their settings are set to "public," you have no control. Anyone can read your comments no matter what YOUR settings are set to.

If you talk about your personal stuff - child by name, husband by name, your vacation, upcoming events, etc. - it is all public knowledge.

And you never know who is listening.

Facebook Settings

Your settings on Facebook (and most social networks) where your conversation is in the open for other people to be able to read, should always be set to either "Friends" or "Specifically to certain names." That way, anyone who is not a friend or is not listed on that "specific list" cannot read the conversation. They can't even see it.

If you have no control over the settings, it is assumed that it is all public and anything you say can and will be used against you by a hacker.


Your Facebook Account

You may be wondering why anyone would want to hack your Facebook account since all you do is play games, or talk to friends on your wall, their wall, in groups or chat rooms.

Well, it is not really your Facebook account that a hacker wants.

Hacking into your Facebook account is not the ultimate prize, it is the stepping stone to get to the ultimate prize.

It may be someone on your friends list he has his eye on. You are but a tool - a means to an end.

Your contact (friends) list, your sign-on email address and/or your conversation on your wall or that of your friends is all information he can use to hack other accounts or view any online activity conducted by you or the target.

Remember, even your medical records are online now, (supposedly encrypted, but we all know how that goes!), test results, pharmacy emails, and medical appointments. It is all good information to a hacker in the larger scheme of things.

What he wants is any information that will lead him to guessing your passwords or answers to security questions on all the other sites you use - banks, credit cards, email accounts, blogs, medical records - so he can access them. Once he has them, your identity is his, he can post as you, conduct business as you. He has your whole life. If he can get into your friends list, he has more targets to hack.

Of course, if you are one of those people who uses the same password for two or more accounts, or if you keep an email file with all your passwords on it, then you have helped him immensely.


If you set up your FB account for three attempts, that means when three attempts are made to enter a password without success, the account is locked out to the person doing the attempting! But you are not locked out because you are coming from a different IP address.

An automated email goes to whatever email account you used to sign on, and the email usually asks something inane like "Are you having trouble getting in to your Facebook account?"

A red flag should go up in your mind! Someone's trying to get into your Facebook account and it is not YOU!

Immediately sign on to your account, change the password to something different - use a different sentence - change the sentence to go backwards - anything. Then for peace of mind and possible clue to the culprit, go to SIGN ON ACTIVITY, then view the login activity section to see where the person is located who is trying to get into your account.

Usually it is not a USA city or state, but that's not to say it NEVER is. This information is just some FYI, you can't do anything with it or fix your settings so that someone signing in from Taiwan can't make another attempt.

If this EVER happens to you, you are on someone's radar and need to change your passwords more often than others and be vigilant to those pesky emails from Facebook asking you if you are having trouble getting into your account.


Identity Verification Security Questions

The answer to the Identity Verification Question is meant to verify and to prove to them who you are. The answer must match perfectly, so it is best that the answer be as precise as possible.

Is the answer to your Identity Verification Question so generic that a hacker could guess the answer?

  1. "In what city were you born?"
  2. "What is your favorite color?"
  3. "What is your youngest sister's name?"

As you were reading, did you answer any of those questions truthfully?

Because if you did and if you are hell bent on continuing to answer those questions truthfully, then you are not going to like the rest of this article one little bit.

Let's explore the last question - What is your youngest sister's name?

If you write that her name is Margaret and it really is, what's the matter with you???????

Do you really think the website has to know that????


The website has no idea if her name is Margaret, Cinderella, Wonder Woman, or even Edith Bunker. They don't have any reason to know her name, have no way to verify it, and they don't really care.

The question is being asked so you'll provide an answer and that answer will be "the required answer." It needs to be typed in the answer box in order for them to verify the identity of the person who wants to access the account.

When "the required answer" is typed EXACTLY in the answer box, then that person will gain access to the account. If the hacker doesn't get it exactly right, he doesn't get in.

FunKY LeTTeRinG won't do here.

It is better to be more precise in the answer and leave the funky lettering to some other site that puts more emphasis on it.

If you write some crazy "totally foreign to you" type of name or combination of places or things for your sister's name ... Hooray! You have really pissed off a hacker and kept your account secure.

So ............. Lie.

Lie like a dog.

Then go write it down in your Dollar Store notebook.

Lesson learned: The secret to answering security questions is to LIE.

Get creative in how you answer. Here's another example:

Question: Where did you go on your honeymoon? (Assuming you went to Hawaii, let's use a little "misdirection.")

Answer: aminy

To gain access, a hacker has to know that your abbreviated answer of "aminy" stands for Adirondack Mountains in New York using first letter of each word.

He can keep trying "Hawaii" and other popular honeymoon places until the account is locked out. He won't get your answer if you are creative, precise, yet obscure.


Then go write it down in your Dollar Store notebook!


How the 2-step verification process works

example of how Google's two step process works.
example of how Google's two step process works. | Source
Receive the text, key it in and you are set
Receive the text, key it in and you are set | Source

2-Step Verification

If you have a two step verification where a text is sent to your cellphone, it will bypass your email box. Usually security questions are not needed when you have enabled a two-step verification process.

If you don't have a cell phone, you can get a regular phone call where a voice speaks the code to you.

There is no reason to NOT have this level of security. If a site offers it, take it.

Examples Of Challenging Identity Verification Security Questions

What was the happiest day of your life?

  • The older you are, the harder this answer is to guess. lol

Give a very obscure answer:

  • Notebook page four
  • Pick the occasion, make a sentence, then choose ONLY the first letter of each word and add a year for good measure onto the end or the beginning


You have to think like a hacker and then do the opposite. He's trusting that you will tell the truth. Don't.

What is your favorite color?

I absolutely LOVE this question because I can get so much mileage out of the answers.

If your favorite color is purple, for example, don't write purple. Be exact in the color of purple. Magentapurple, Jazzberry, Deepviolet. Here's a link to all kinds of colors of purple. Choose a purple that has two words, then run them together as I have done. The longer the word, the harder to guess. Don't be afraid to spell them wrong!

If your favorite color is blue, choose a specific color of blue. Morninggloryblue, Cornflowerblue, Bleudefrance, cadetblue, celestialblue. Here's a link to all kinds of colors of blue. Spell them right, spell them wrong, combine a couple together.

I think you can see how the answers to your favorite color question can be changed so that you almost never have to change the question.

Another common question asks your favorite flavor of ice cream. The hacker is looking for an ice cream flavor, so pick a color instead. Choose an obscure color off the charts at the site linked above.

Write it down in your Dollar Store notebook!


More Ideas

Where did you go to high school?

Instead of giving the name of an actual school, give an intersection address of any high school in your town or the next town. Or give your school colors or your kid's school colors.

  • Example: "At Fourth Street and Franklin Boulevard" for the shortened version of At 4th Street and Franklin Blvd that a hacker will use because he is too much in a hurry. Always go long, you aren't crunched for time like a hacker is. lol
  • "Katholic" for Catholic, "High Sch" for High School - be misleading by misspelling.
  • Burgundyandgold for school colors - all run together as if it was a name of a school

What is the name of the first street you lived on?

I always pick a street in a beautiful neighborhood that I never lived in and then I spell it the wrong way, the short way, the long way or backwards.

  • Example: "Secoya Hylands Boulevard" for Sequoia Highland Blvd. OR spell it backwards like this: ayoces sdnalyh draveluoub
  • Use up all the space in the box they give you - 32 characters or more
  • I used to use "One PoLiCe pLaZa" or "Una polizia Plaza " but they won't accept those anymore because hackers have guessed them to death.

What is your mother's maiden name?

If you actually write down her maiden name, you deserve to be hacked. (joke)

  • Don't write the words "mother" or "maiden" - hackers try them first.
  • Pick your favorite food, dessert, sport. Capitalize it so it looks like a Proper name. (Examples - Chicken, Gumbo, Tiramsu, Trifle, Ambrosia, Angelfoodcake, Volleyball, Bobsledder)

Write it down in your Dollar Store notebook!


Yahoo's Examples On Video

In the first place, Yahoo wants you to keep it real and answer truthfully with correct spelling. Here's why I think that is a bad idea as well as some of their question choices:

At the 0:52 mark on the video, Yahoo's choice of question: In which city did you study abroad?

This can be a good question for some people, especially those who never studied abroad! But if you actually did take a degree abroad, chances are the school is public record, you are listing the degree and where you got it on your resume on professional sites, like LinkedIn, for example. If you have a professional website where you list your credentials, this is a no-brainer. So, no, I don't think this is a very safe question.

At the 1:11 mark on the video, Yahoo's choice of question: Where did you go on your last vacation?

This is probably one of the worst questions to use as a security question because nearly everyone takes photos on vacation and the likelihood of them being online somewhere, if not in an email to someone, is very high.

When you come home from vacation, you want to post them on your website, Facebook page or send by email to friends or family. You may even talk about it on social media because you are still excited about the vacation. It takes one slip up about this and your security question and answer is blown.

Real Spelling

Where it says in the video to use "real spellings" so you'll remember the security answer, I beg to differ.

If you purposely spell it incorrectly or get creative with spelling, add a number, it makes it that much harder for a hacker to guess.

Remember, it has to match exactly. If you spell it wrong, the hacker has to spell it wrong too!


Stop the video at 0:49 and take a closer look at the security questions they give to choose.

  • Who was your date on prom night? Not a bad question -Better, if thename is spelled wrong
  • Where did you spend your honeymoon? Choose a sentence, then 1st letter of each word
  • Where did you meet your spouse? If it was a city, and especially if it is your present city, it is probably already on social media. If you say BLIND DATE and that is common knowledge, this is not a great security question. Better to choose something like: At Maria's house, or At a convention
  • What is your oldest cousin's name? This is a good question -but instead of including the first, middle, maiden and last names, I'd rather pick a nickname. Fat Brucethe Blimp, Twiqqy Jeanthe Stick (Change the G's to Q's)- Make it as hard as possible to guess but write it down so you have it.
  • What is your oldest child's nickname? Never a good question, especially if he/she has their own Facebook account and uses the name with their friends
  • Name of oldest niece, nephew, favorite aunt, uncle? - all good, but not if you use their real first name, nickname and middle name. Use 3 "words" but never use a maiden or last name. Example: Aunt Alice's son, Uncle Norman's daughter.
  • What town was your father (mother) born in? No way, too big a possibility of being public record


Public vs. Private Email Account

Never post your primary email address in public - on a website, Facebook page, in chat rooms, groups, in comments - for people to contact you.

Your primary email address is the private one that has your day to day life in it - for example: business with mail order companies, pharmacy pickup notifications, online payment receipts, credit card statements, bank business, mortgage receipts, any company billing statements, etc.

Instead, always keep at least one backup email address as a secondary email account that is only for your online life - blog comments, HubPages comments or notifications, Facebook groups, playing games, receiving coupons and game bonus offers, etc.

Post that one for people to contact you. If it gets hacked, which is so common now more than ever, at least your financial and private information will be safe in the other account.

Treat the strength of your email account password like it is guarding Fort Knox.

Think about it ... all your important stuff is in there - your communications with your banks, credit cards, sites you do business with, confirmation emails from sites you signed up with - all of these things are what a hacker needs to know so he can start on his merry way going to those sites to hack your password and then get inside the accounts.

Even if you don't think you have anything a hacker would want, you have information that you didn't know you had. Your contact list.

He may not care what stores you shopped at, but your contact list might give him a great choice of friends who do far more on the internet than you do, and who have much more money in the bank than you. And that might be his pot of gold with you being the stepping stone.

Because hackers are guessing the answers, you have to start getting more than just a little creative picking questions and precisely worded answers.


Now, go out there and be the best damn liar you can be.

Then go write down your answers in your Dollar Store notebook.

© 2014 Rachael O'Halloran


This website uses cookies

As a user in the EEA, your approval is needed on a few things. To provide a better website experience, uses cookies (and other similar technologies) and may collect, process, and share personal data. Please choose which areas of our service you consent to our doing so.

For more information on managing or withdrawing consents and how we handle data, visit our Privacy Policy at:

Show Details
HubPages Device IDThis is used to identify particular browsers or devices when the access the service, and is used for security reasons.
LoginThis is necessary to sign in to the HubPages Service.
Google RecaptchaThis is used to prevent bots and spam. (Privacy Policy)
AkismetThis is used to detect comment spam. (Privacy Policy)
HubPages Google AnalyticsThis is used to provide data on traffic to our website, all personally identifyable data is anonymized. (Privacy Policy)
HubPages Traffic PixelThis is used to collect data on traffic to articles and other pages on our site. Unless you are signed in to a HubPages account, all personally identifiable information is anonymized.
Amazon Web ServicesThis is a cloud services platform that we used to host our service. (Privacy Policy)
CloudflareThis is a cloud CDN service that we use to efficiently deliver files required for our service to operate such as javascript, cascading style sheets, images, and videos. (Privacy Policy)
Google Hosted LibrariesJavascript software libraries such as jQuery are loaded at endpoints on the or domains, for performance and efficiency reasons. (Privacy Policy)
Google Custom SearchThis is feature allows you to search the site. (Privacy Policy)
Google MapsSome articles have Google Maps embedded in them. (Privacy Policy)
Google ChartsThis is used to display charts and graphs on articles and the author center. (Privacy Policy)
Google AdSense Host APIThis service allows you to sign up for or associate a Google AdSense account with HubPages, so that you can earn money from ads on your articles. No data is shared unless you engage with this feature. (Privacy Policy)
Google YouTubeSome articles have YouTube videos embedded in them. (Privacy Policy)
VimeoSome articles have Vimeo videos embedded in them. (Privacy Policy)
PaypalThis is used for a registered author who enrolls in the HubPages Earnings program and requests to be paid via PayPal. No data is shared with Paypal unless you engage with this feature. (Privacy Policy)
Facebook LoginYou can use this to streamline signing up for, or signing in to your Hubpages account. No data is shared with Facebook unless you engage with this feature. (Privacy Policy)
MavenThis supports the Maven widget and search functionality. (Privacy Policy)
Google AdSenseThis is an ad network. (Privacy Policy)
Google DoubleClickGoogle provides ad serving technology and runs an ad network. (Privacy Policy)
Index ExchangeThis is an ad network. (Privacy Policy)
SovrnThis is an ad network. (Privacy Policy)
Facebook AdsThis is an ad network. (Privacy Policy)
Amazon Unified Ad MarketplaceThis is an ad network. (Privacy Policy)
AppNexusThis is an ad network. (Privacy Policy)
OpenxThis is an ad network. (Privacy Policy)
Rubicon ProjectThis is an ad network. (Privacy Policy)
TripleLiftThis is an ad network. (Privacy Policy)
Say MediaWe partner with Say Media to deliver ad campaigns on our sites. (Privacy Policy)
Remarketing PixelsWe may use remarketing pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to advertise the HubPages Service to people that have visited our sites.
Conversion Tracking PixelsWe may use conversion tracking pixels from advertising networks such as Google AdWords, Bing Ads, and Facebook in order to identify when an advertisement has successfully resulted in the desired action, such as signing up for the HubPages Service or publishing an article on the HubPages Service.
Author Google AnalyticsThis is used to provide traffic data and reports to the authors of articles on the HubPages Service. (Privacy Policy)
ComscoreComScore is a media measurement and analytics company providing marketing data and analytics to enterprises, media and advertising agencies, and publishers. Non-consent will result in ComScore only processing obfuscated personal data. (Privacy Policy)
Amazon Tracking PixelSome articles display amazon products as part of the Amazon Affiliate program, this pixel provides traffic statistics for those products (Privacy Policy)
ClickscoThis is a data management platform studying reader behavior (Privacy Policy)