Security questions

Updated by Katy Harrison

Security questions and answers are used for self-service password recovery if you're using email authentication to confirm who you are.

Security questions aren't used as an authentication method during login.

Choosing security answers

You can strengthen your security answers by following these tips:

Easy to remember, difficult to guess
It is important to choose questions that are easy for you to remember but difficult for others to guess or find online.

Unique answers
Avoid using the same security questions for multiple accounts, as this can make it easier for hackers to gain access to multiple accounts if they can answer the same security questions.

Don't use fake answers
37% of people intentionally provide false answers to their questions. Because people tend to choose the same false answers, this tactic actually increases the likelihood that an attacker can guess your answers.

Security question requirements

The following requirements and limitations apply:

  • The minimum answer character limit is three characters.
  • The maximum answer character limit is 40 characters.
  • You can't answer the same question more than one time.
  • You can't provide the same answer to more than one question.
  • You must answer at least three questions.

Best practices we follow to protect security questions

Predefined questions
We've compiled a list of strong, unique security questions that you can choose from. This helps ensure that the answers provided are difficult for hackers to guess and reduces the risk of account takeover.

Restrict answers
We check answers against a deny list for common responses, like your username or email address, your current password, and guessable character strings like “123” and “password.” We enforce a minimum length for answers to help avoid easily guessable answers.

Set multiple security questions
You are required to answer multiple questions during password recovery. When you are asked a question out of a selection, you have to answer it correctly before being shown the next question. This minimises the chance of attackers being able to guess or obtain the answers they need to access accounts.

Encrypted storage
We use secure hashing algorithms to prevent hackers from obtaining security answers from your system. There's no way for admins or Advanced to read or modify your questions and answers.
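
The requirements and deny-list checks described above, together with hashed storage, as an added example (not Advanced's own code). It assumes case-insensitive answer comparison and PBKDF2-HMAC-SHA256 as the hashing algorithm, since the page does not name one; `validate`, `hash_answer` and `verify_answer` are hypothetical names.

```python
from __future__ import annotations
import hashlib, hmac, os, unicodedata

MIN_LEN, MAX_LEN, MIN_QUESTIONS = 3, 40, 3  # limits stated on this page
COMMON = {"123", "password"}  # the page's two examples; a real deny list is longer
ITERATIONS = 600_000  # assumption: PBKDF2 work factor, not from the page

def normalize(answer: str) -> str:
    """Assumption: answers compare case-insensitively, whitespace collapsed."""
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())

def validate(answers: dict[str, str], username: str, email: str, password: str) -> list[str]:
    """Return policy violations; an empty list means the answers are accepted.
    Keying by question text means one question cannot be answered twice."""
    errors = []
    if len(answers) < MIN_QUESTIONS:
        errors.append("answer at least three questions")
    denied = COMMON | {normalize(v) for v in (username, email, password)}
    seen = set()
    for question, raw in answers.items():
        ans = normalize(raw)
        if not MIN_LEN <= len(ans) <= MAX_LEN:
            errors.append(f"{question}: answer must be 3 to 40 characters")
        if ans in denied:
            errors.append(f"{question}: answer is on the deny list")
        if ans in seen:
            errors.append(f"{question}: answer already used for another question")
        seen.add(ans)
    return errors

def hash_answer(answer: str, salt: bytes | None = None) -> tuple[bytes, bytes]:
    """Store only a per-answer random salt and a slow salted hash."""
    salt = salt or os.urandom(16)
    data = normalize(answer).encode("utf-8")
    return salt, hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)

def verify_answer(answer: str, salt: bytes, digest: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_answer(answer, salt)[1], digest)

if __name__ == "__main__":
    sample = {"Q1": "Password", "Q2": "ab", "Q3": "Elm Grove", "Q4": " elm  grove"}  # constructed
    for problem in validate(sample, "kharrison", "k@example.com", "S3cret!pw"):
        print(problem)
    salt, digest = hash_answer("Elm Grove")
    print(verify_answer("elm grove", salt, digest))
```

Because only the salt and digest are stored, an answer can be checked during recovery but not read back, which matches the page's statement that admins cannot read stored answers.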

