Excuse me if I deviate for a moment and go off on a rant, but I’ve had it up to my proverbial eyeballs with the creeping insanity that’s gripped people responsible for protecting us from would be evil-doers on websites.
Due to changes in my home technology set up as well as changes to my company email address, I spent part of the weekend updating my personal details on various websites – airlines, banks, etc. It’s one thing to be asked, “What’s your mothers maiden name?” and similar choices – unequivocal, known and already remembered (for most of us). It’s quite another to ask questions like, “Where did you meet your spouse or partner?”
Take my case – we met at school some 45 years ago. Should I set the answer as “school”, “high school”, “Vyners High School” (the name of the school) or “London” (the place of the high school), etc. All these answers would be correct, but of course the way the system works, I can only provide one answer, and then the onus is on me to remember how I answered a very ambiguous question, perhaps a year or so from now when I have lost my password, or some such catastrophe. Other choices I had were, “The name of my first pet?” (that was 55 years ago, and, with apologies to sentimentalists, I don’t remember), “The name of my first best friend (again, many years ago, and there were several), and, believe it or not, “The first phone number I ever learned and can still recall.”
Please, designers of security questions, come up with questions that are unambiguous, to which the answers are memorable, and which are not completely silly! Protecting our identities is important stuff – and deserves to be treated as such!