A few weeks ago, I was also changing information with my bank, and was put through a number of these verification questions. I was asked about street addresses at which I’ve lived in the past, names of distant relatives, and a number of other things. I have to say, the test was rather difficult to pass. Luckily I made it through, but I felt challenged enough that I commented to the customer care agent that the test was very tough.

Interestingly, just last week I received a call from my ex-wife, on a similar matter. She has recently been assigned the glamorous role of managing customer fraud at a major transportation company. When testing out a prospective verification service, she was subjected to a similar verification process on herself ( sort of the “eat your own dogfood” test ). She called to ask if I can remember having a PO box in a city in which we lived for a total of six months, nearly 20 years ago. Neither of us ever had ( or could recall ) having a PO box in that town, and since there was a box with one of our names on it and mail was put into that box it now shows up as a prior address in her history.

‘just an example of how well-intentioned processes can backfire against the rightful owner of the data.

I know my pets’ names, the color of my first car, but I’m lucky if I can remember what I had for lunch yesterday. I hope they go easy on me in the future.

Bob Landstrom
http://itconsultant.boblandstrom.com

With security questions I always use the same answer no matter what lame question I choose.  The asking system doesn’t know the difference anyway.  In effect, these personal questions become an “Alternative password, please?” question.
As for SteveE’s points, what I’ve done is create a series of cascading passwords and supporting personal accounts (think of onion peeling). 

At the center is the one account I use to access my actual money (aka my bank accounts).  This account has a single e-mail, a very cryptic password and username. 
Beyond that I’ve a separate username, e-mail, and password; this is used for other important accounts – credit cards, investments, online trading, etc.
Then there’s another username, e-mail, and password for even less important things.  This pattern continues until I’ve a throwaway hotmail account and username with a ridiculously easy to remember password that I use for things like trying out new sights, downloading whitepapers, etc.

I’m not sure if either is very secure, but it makes me think it is…

 
 
This conversation continues at nGenera Community
 
Brittain
View My Profile
VP of Engineering
nGenera