Excuse me if I deviate for a moment and go off on a rant, but I’ve had it up to my proverbial eyeballs with the creeping insanity that’s gripped people responsible for protecting us from would-be evil-doers on websites.
Due to changes in my home technology setup as well as changes to my company email address, I spent part of the weekend updating my personal details on various websites – airlines, banks, etc. It’s one thing to be asked, “What’s your mother’s maiden name?” and similar choices – unequivocal, known and already remembered (for most of us). It’s quite another to ask questions like, “Where did you meet your spouse or partner?”
Take my case – we met at school some 45 years ago. Should I set the answer as “school”, “high school”, “Vyners High School” (the name of the school) or “London” (the place of the high school), etc.? All these answers would be correct, but of course the way the system works, I can only provide one answer, and then the onus is on me to remember how I answered a very ambiguous question, perhaps a year or so from now when I have lost my password, or some such catastrophe. Other choices I had were, “The name of my first pet?” (that was 55 years ago, and, with apologies to sentimentalists, I don’t remember), “The name of my first best friend?” (again, many years ago, and there were several), and, believe it or not, “The first phone number I ever learned and can still recall.”
Please, designers of security questions, come up with questions that are unambiguous, to which the answers are memorable, and which are not completely silly! Protecting our identities is important stuff – and deserves to be treated as such!

A couple of thoughts on the thread, which raises nothing but reasonable concerns.
With security questions I always use the same answer no matter what lame question I choose. The asking system doesn’t know the difference anyway. In effect, these personal questions become an “Alternative password, please?” question.
As for SteveE’s points, what I’ve done is create a series of cascading passwords and supporting personal accounts (think of onion peeling).
At the center is the one account I use to access my actual money (aka my bank accounts). This account has a single e-mail, a very cryptic password and username.
Beyond that I’ve a separate username, e-mail, and password; this is used for other important accounts – credit cards, investments, online trading, etc.
Then there’s another username, e-mail, and password for even less important things. This pattern continues until I’ve a throwaway Hotmail account and username with a ridiculously easy to remember password that I use for things like trying out new sites, downloading whitepapers, etc.
I’m not sure if either is very secure, but it makes me think it is…
Brittain
VP of Engineering
nGenera
Hello Vaughan.
A few weeks ago, I was also changing information with my bank, and was put through a number of these verification questions. I was asked about street addresses at which I’ve lived in the past, names of distant relatives, and a number of other things. I have to say, the test was rather difficult to pass. Luckily I made it through, but I felt challenged enough that I commented to the customer care agent that the test was very tough.
Interestingly, just last week I received a call from my ex-wife, on a similar matter. She has recently been assigned the glamorous role of managing customer fraud at a major transportation company. When testing out a prospective verification service, she was subjected to a similar verification process on herself (sort of the “eat your own dogfood” test). She called to ask if I can remember having a PO box in a city in which we lived for a total of six months, nearly 20 years ago. Neither of us ever had (or could recall) having a PO box in that town, and since there was a box with one of our names on it and mail was put into that box it now shows up as a prior address in her history.
‘just an example of how well-intentioned processes can backfire against the rightful owner of the data.
I know my pets’ names, the color of my first car, but I’m lucky if I can remember what I had for lunch yesterday. I hope they go easy on me in the future.
Bob Landstrom
http://itconsultant.boblandstrom.com