These days, every new online account a website prompts you to create feels like an open invitation for identity theft. Even if you use a password manager (and you should), plenty of companies want more than just your email address—you’ll need to save your credit card information, your address, and more. Under the guise of keeping that data secure, many sites will prompt you to enter personal information like your birthday and answers to standard security questions like “What is your mother’s maiden name?” But if you really want to keep your data secure, you shouldn’t tell them.
We recently came across some great advice from Jack Smith IV at Mic: When a website asks you for answers to security questions, you should lie. Virtually the same security questions are posed by sites all across the web, whether you’re trying to get into your favorite online retailer or something more important, like your iCloud account. If hackers end up with the identifying information you input into one site, chances are they can get into a whole lot more than just your Twitter account. Details like your mother’s maiden name, your first street address, or the name of your high school are also used by banks and the IRS.
In 2015, hackers attacking the IRS compromised more than 700,000 households, in part because they were really good at guessing the answers to people’s security questions based on personal information they had already stolen. That same year, Google found that hackers have a surprisingly high probability of correctly answering security questions that are more subjective, like “What is your favorite food?” or “Who was your first teacher?”
Lying, of course, won’t protect you from all cyber attacks, but doing so will at least reduce the amount of real information available for hackers to steal. Facebook doesn’t need to know your real birthday—that’s just a way for them to target advertising—and just about anyone could find your mother’s maiden name online.
If you want to be able to get back into your accounts using security questions (if two-factor authentication isn’t an option), you will need to remember the answers you give, though. The beauty of security questions is that they’re designed to be information you cannot forget. You might want to write your false answers down somewhere or use the same answers for a select number of accounts. Just maybe don’t use the same answers for your Facebook account as for your bank account, and be sure to double-check which accounts need real information (the IRS, for instance).