“Security Questions”

Every time I have to register for some site that performs financial transactions on my behalf, I have to register, create an account, and then pick stupid security questions.  These used to be fairly static questions, but then a few years ago someone got the bright idea to make variations on them to make it “more secure”.  The end result, however, is less than desirable.

For a security question to be secure and helpful, the answer has to be immutable (unchanging), and easily recalled.  Yet almost all the recent sign-ups I’ve performed offer only questions that violate one or both of these features.

For example, here are some good questions:

  • What’s your spouse’s mother’s/father’s first name?  (spouses don’t change often enough for this to become a real problem)
  • What high school did you graduate from?  (happens zero or once, never changes)
  • What was the make and model of your first car?  (there’s only 1 first car)
  • How many siblings does your mother/father have?  (unlikely to increase, and using the maximum is generally implied, so that when one dies, you don’t stop counting them)

Here are the lousy questions I’m offered:

  • What country would you like to visit?
  • What’s the farthest from home that you’ve traveled?
  • What’s the name of a famous person you’d like to meet (living or dead)?
  • What’s your favorite film?
  • Who’s your favorite author?
  • What’s your favorite hobby?

All of these can and do change, and frequently so.  It’s like when people try to give directions based on mutable things (“Turn left at the yellow car, and we’re on the side of the building with all the birds” — good if the yellow car doesn’t move or change colors, and if the birds never move, but if either of those changes, that’s a lousy direction).

Holy crap.  We have brainwashing, “greenwashing” (people getting obsessed with green, without actually knowing anything), and “securitywashing” (let’s do ____, because it’s “More Secure(TM)”).  Argh!

  1. Nice to see you have the gene for rant as well!

    Comment by George Toledo — 2008.12.24 @ 11:27 pm

