Why are security questions not recommended as a primary authentication method?

Study for the User Account Management Test. Enhance your skills with flashcards and multiple choice questions, each with hints and explanations. Be prepared for success!

Multiple Choice

Why are security questions not recommended as a primary authentication method?

Explanation:
Security questions are weak as a primary authentication method because they rely on information that can be easily obtained or guessed. Attackers can use social engineering to coax legitimate details from you or a help desk, and many common questions have answers that are publicly available or can be found through a quick search, social media, or past data breaches. People also tend to reuse the same answers across multiple sites, making a single leaked or guessed answer dangerously effective. The answers are typically static and don’t change when other credentials are updated, so once the information is known, it can compromise access across services. That’s why stronger protections are preferred: multi-factor authentication or device-based methods require something you have (a hardware token or a trusted device) or something you are (biometrics), adding a second barrier beyond what you know. Security questions can still be useful for secondary verification or account recovery, but they should not be relied on as the main gatekeeper.

