Clark Howard

Why you should change all of your security question answers right now

Identity theft is on the minds of many Americans after hackers obtained the personal information of more than 145 million consumers in the Equifax data breach.

By now, you've probably heard money expert Clark Howard's advice: Get a credit freeze!

I recently had the chance to speak with Adam Levin, founder of CyberScout, an identity management and data security services company, about the Equifax hack.

He said the easiest way to protect yourself from identity theft is to follow the “Three Ms”:

  • Minimize your exposure
  • Monitor your accounts
  • Manage the damage

Like Clark, Levin recommends that consumers set up free credit monitoring, freeze their credit with the three major bureaus and review accounts daily for suspicious activity.

Something else from our conversation that stuck out to me was his advice about security challenge questions.

Why you should lie when answering security questions

RELATED: This security feature could prevent hackers from emptying your bank account

Many financial institutions use security questions as an extra layer of security. You may be prompted to answer them if you forget your password and need to reset it.

Here’s the problem: Hackers may be able to gain access to your account just by guessing!

Answers to common questions like “What’s your mother’s maiden name?,” “What’s the name of your favorite pet?,” and “What street did you grow up on?” can often be found online — perhaps even on Facebook and Twitter.

“There’s so much information out there about us through social media or information that could be phished, that it’s too easy for someone to get a hold of those kind of facts that could be answers to security questions,” Levin said.

That's why Levin suggests that you never tell the truth when you set answers to your security questions. You should lie.

When I chatted with Clark about my conversation with Levin, he agreed. He said you want to make sure that your answers can’t be researched or guessed.

For example, you could use a pet’s birthday instead of a human’s birthday because that information isn’t public record.

Although many websites have moved to stronger authentication methods, you probably have at least one account that uses security questions. Go ahead and update the answers from your account’s settings or security page now.

Answering security questions with lies may not stop a hacker in every case, but it does put up another roadblock.

Levin told me that criminals pay about $30 for a complete identity dossier on the black market, so the information obtained in the Equifax hack could potentialy be worth billions of dollars.

However, if you set up barriers to make things harder for the scammers, they may just move on to the next potential victim.

Recap: 5 things you can do to protect your identity

RELATED: Credit Freeze Guide: The best way to protect yourself against identity theft