Browse Definitions :
Definition

website security question

Contributor(s): Ivy Wigmore

An internet security question is a backup measure used to authenticate the user of a website or an application in the event that they have forgotten their user name and/or password. Theoretically, a security question is a shared secret between the user and the website.

Because many security questions have answers that can easily be found online with just a little research, they are often criticized for making user accounts vulnerable to attack. Security expert Bruce Schneier referred to website security questions as an “easier-to-guess low-security backup password that sites want you to have in case you forget your harder-to-remember higher-security password.”

A security question should have the following characteristics:

  • The answer should not be available online.
  • The question and answer should be simple.
  • They should be about something memorable to the user.
  • The answer shouldn’t be anything that might change over time.
  • There should be many possible answers to the question.

Alternatives to website security questions include two-factor authentication.

This was last updated in January 2018

Continue Reading About website security question

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Have you ever forgotten the answer to your website security question?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

Powered by:

SearchCompliance

  • data governance policy

    A data governance policy is a documented set of guidelines for ensuring that an organization's data and information assets are ...

  • risk management

    Risk management is the process of identifying, assessing and controlling threats to an organization's capital and earnings.

  • compliance as a service (CaaS)

    Compliance as a Service (CaaS) is a cloud service service level agreement (SLA) that specified how a managed service provider (...

SearchSecurity

  • Advanced Encryption Standard (AES)

    The Advanced Encryption Standard, or AES, is a symmetric block cipher chosen by the U.S. government to protect classified ...

  • intrusion detection system (IDS)

    An intrusion detection system (IDS) is a system that monitors network traffic for suspicious activity and alerts when such ...

  • Secure Shell (SSH)

    SSH, also known as Secure Shell or Secure Socket Shell, is a network protocol that gives users, particularly system ...

SearchHealthIT

SearchDisasterRecovery

SearchStorage

  • cache memory

    Cache memory, also called CPU memory, is high-speed static random access memory (SRAM) that a computer microprocessor can access ...

  • capacity management

    Capacity management is the broad term describing a variety of IT monitoring, administration and planning actions that are taken ...

  • cloud storage

    Cloud storage is a service model in which data is transmitted and stored on remote storage systems, where it is maintained, ...

Close