sirvalence: Stupid Security Questions

Carl Klutzke (

sirvalence) wrote,
@ 2008-01-25 06:03:00

Entry tags:

ixd

Stupid Security Questions
On logging in to my phone service provider this morning, they announced a security upgrade. I had to select two security questions and enter answers for them. Here's a sampling:

What is your favorite movie?
What was the name of your favorite childhood pet?
What was the name of your favorite teacher?
What is the name of your favorite author?

Do you notice a trend here? There were two sets of five questions, and I had to choose one from each set. In each set, all, or nearly all, asked me about my favorite X.

So what's wrong with that? Opinions change. If my favorite author was Tolkien, then I read a book by LM Bujold, Tolkien may no longer be my favorite author. These sorts of questions should be about personal facts that cannot change. Of all the questions available, only one was about a fact.

After I selected the questions and entered my answers, the system displayed my selections and told me to record them in a safe place. Let's be realistic. The main reason I would ever use these questions is because I forgot my password, right? If I didn't record my password, why would I record these? Jeesh.

(Post a new comment)

princejvstin
2008-01-25 12:09 pm UTC (link)

So what's wrong with that? Opinions change. If my favorite author was Tolkien, then I read a book by LM Bujold, Tolkien may no longer be my favorite author. These sorts of questions should be about personal facts that cannot change. Of all the questions available, only one was about a fact.

I concur. I've been tripped up by old security questions like these where I have to guess out of a number of possible answers to the "favorite".

And having you record those answers is almost an admission that they are going to change/not be remembered and defeat the purpose of their use.

While I can't talk specifics, the security questions here at the Fed, at least, are more logical.

Edited at 2008-01-25 12:11 pm UTC

(Reply to this)

	krikketgirl 2008-01-25 12:38 pm UTC (link)
	I like the ones that let you set your own password/password reminder hint. (Reply to this)(Thread)

	sirvalence 2008-01-25 01:05 pm UTC (link)
	I prefer that too. Or at least give me a number of questions to choose from, with the option of creating my own if I don't like any of them. (Reply to this)(Parent)

arenson9
2008-01-25 12:48 pm UTC (link)

I have seen such extra security questions be used in situations besides when one has forgotten a password -- My local bank's website has asked me for these multiple times, I think when I've moved to a new browser, but possibly just after a certain length of time. I also was forced to provide these questions and answers when setting up the Mint cross-institutions financial service.

(Reply to this)(Thread)

	sirvalence 2008-01-25 01:06 pm UTC (link)
	My credit union does that as well, and in that case I don't mind so much. It's probably good for the system to be suspicious if someone logs in from an unfamiliar computer. (Reply to this)(Parent)

mazlynn
2008-01-25 04:53 pm UTC (link)

I've had the same problems. I've noticed more and more sites requiring multiple "identity confirmation" questions, and more often than not, most of them are ones I couldn't give the same answer to twice. They are either personal facts so obscure that I don't remember them any more, like "What is the name of your third grade teacher", or ones that are likely to change over any considerable length of time, like "what is your pet's name", or opinion questions like the one you mentioned. Thus far I've usually been able to pick enough out of the list that I feel I can reasonably answer. But the last time I had to call my bank to reset my password after being locked out of the system, they asked me one of the security questions that had multiple possible answers, and it was like playing a guessing game with the teller as I ran through them all. Frustrating.

(Reply to this)

	gozer2048 2008-01-25 09:45 pm UTC (link)
	Agreed. I hate hate HATE these for the very same reasons. I think one of my student loans started using ones just like these. I think I just went for the ones that were most objective. (City of birth or somesuch.) At least half of them did not have a stable answer. (Reply to this)

	krikketgirl 2008-01-31 01:25 pm UTC (link)
	I thought you might find this article interesting! (Reply to this)(Thread)

	sirvalence 2008-01-31 03:54 pm UTC (link)
	Very much so, thank you! (Reply to this)(Parent)

Mini Sitemap:

Username:		Create an Account Forgot your login? Login w/ OpenID
Password:
	Remember Me
	English • Español • Deutsch • Русский…