Browse Definitions :
Definition

website security question

Contributor(s): Ivy Wigmore

An internet security question is a backup measure used to authenticate the user of a website or an application in the event that they have forgotten their user name and/or password. Theoretically, a security question is a shared secret between the user and the website.

Because many security questions have answers that can easily be found online with just a little research, they are often criticized for making user accounts vulnerable to attack. Security expert Bruce Schneier referred to website security questions as an “easier-to-guess low-security backup password that sites want you to have in case you forget your harder-to-remember higher-security password.”

A security question should have the following characteristics:

  • The answer should not be available online.
  • The question and answer should be simple.
  • They should be about something memorable to the user.
  • The answer shouldn’t be anything that might change over time.
  • There should be many possible answers to the question.

Alternatives to website security questions include two-factor authentication.

This was last updated in January 2018

Continue Reading About website security question

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Have you ever forgotten the answer to your website security question?
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

  • Whistleblower Protection Act

    The Whistleblower Protection Act of 1989 is a law that protects federal government employees in the United States from ...

SearchSecurity

  • brute force attack

    Brute force (also known as brute force cracking) is a trial and error method used by application programs to decode encrypted ...

  • spyware

    Spyware is software that is installed on a computing device without the user's knowledge. Spyware can be difficult to detect; ...

  • ATM black box attack

    An ATM black box attack, also referred to as jackpotting, is a type of banking-system crime in which the perpetrators bore holes ...

SearchHealthIT

SearchDisasterRecovery

  • business continuity and disaster recovery (BCDR)

    Business continuity and disaster recovery (BCDR) are closely related practices that describe an organization's preparation for ...

  • warm site

    A warm site is a type of facility an organization uses to recover its technology infrastructure when its primary data center goes...

  • disaster recovery (DR) test

    A disaster recovery test (DR test) is the examination of each step in a disaster recovery plan as outlined in an organization's ...

SearchStorage

  • disk array

    A disk array, also called a storage array, is a data storage system used for block-based storage, file-based storage or object ...

  • enterprise storage

    Enterprise storage is a centralized repository for business information that provides common data management, protection and data...

  • optical storage

    Optical storage is any storage type in which data is written and read with a laser. Typically, data is written to optical media, ...

Close