
website security question

An internet security question is a backup measure used to authenticate the user of a website or an application in the event that they have forgotten their user name and/or password. Theoretically, a security question is a shared secret between the user and the website.

Because many security questions have answers that can easily be found online with just a little research, they are often criticized for making user accounts vulnerable to attack. Security expert Bruce Schneier referred to website security questions as an “easier-to-guess low-security backup password that sites want you to have in case you forget your harder-to-remember higher-security password.”

A security question should have the following characteristics:

  • The answer should not be available online.
  • The question and answer should be simple.
  • They should be about something memorable to the user.
  • The answer shouldn’t be anything that might change over time.
  • There should be many possible answers to the question.

Alternatives to website security questions include two-factor authentication.

This was last updated in January 2018
