I was logging in to an online account.  In order to enhance security, it required me to create a new password, and to choose a new “challenge” question and answer in case I forgot said new password.  The new password I could do, even though it required some obscure number of characters with an assortment of letters in multiple cases, numbers, and even a special symbol or two.  But, I had a real hard time with the security questions, because I don’t think I could recall the answer to any of them if asked.  Here they are, along with why each is impossible to answer.

  • Who was your childhood hero?   When in childhood?  When I was 6, it was probably He-Man.  I discovered Batman (the Adam West version) when I was around 8 or 9 and thought he was really cool.  But a few years later I started to watch Get Smart on Nick at Nite and really thought some of the agents there were heroic.  With my luck, I’d pick Batman today, and then when I need to reset my password, I’ll respond with He-Man, and have my account locked out for good.
  • What are the first and last names of your first boyfriend/girlfriend?  This would require one having a girlfriend.  Should I answer N/A, Not Applicable, Does Not Apply, Non-existent, or something else in that vein?  How will I remember that answer later on?
  • Which phone number do you remember most from your childhood?  It’s a toss-up.  I was a phone number machine growing up…I knew them for everyone in the family.  This was back before everyone had cell phones.  Quite a few stand out.  My parents still have the one (although the area code has changed).  We still use the digits of a relative’s phone # growing up as the passcode for the garage door.  My grandparents’ number in New York was memorable because it contained five 6’s in a row.  So, which do I answer for this superlative question?  And will I remember it again when I have to answer this challenge question in the future?  For example, suppose I pick my parents’ #, but had to open the garage a few times lately and so that number sticks out.
  • What was your favorite place to visit as a child?  Another superlative question.  Childhood encompasses a good 10-15 years; there were a lot of changes to what might have been the favorite place.
  • Who is your favorite actor, musician, or artist?  (A) Which of the three do I pick?  I answer “Clark Gable” right now, but when resetting a password, I pick “Norman Rockwell.”   (B) Another superlative.  I don’t have a particular favorite in any of these; my mood changes way too often.
  • What is the last name of your third grade teacher?  Finally, an objective question that has a clear, definitive, invariable answer for most people.  One problem here though, at least for me.  I have no idea how to spell it.  She was one of my favorite teachers during elementary school, but her last name was long, and there are several sounds that can be expressed multiple ways — was that a cu in the middle or ku?  Did it end with en or in?  Third grade was just too long ago and I don’t remember.

I understand the need to have security questions that are difficult for someone to crack.  But the questions should be something with a clear, distinct, invariable, yet repeatable answer.  Asking someone to pick out a memorable event/person/moment of a long span of time leaves too much room to forget what was picked later on.  Asking something like a phone number presents problems (did I format that as (111)-555-1234 or 111/555-1234 or just 555-1234), to say nothing of the complications that can arise from articles, spacing, and nicknames. (Was that teacher Mrs. Jane Doe, Mrs. Doe, or Jane Doe?  Was my elementary school John F. Kennedy School or did I write it as JFK Elementary?  Was my favorite supervillain The Riddler or just Riddler?)
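The formatting problem described above is one a site can partly absorb on its side by canonicalizing answers before storing and comparing them. The sketch below is an added example, not code from any site mentioned in this post; the function names, the article and honorific lists, and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import re
import unicodedata

# Assumed lists of leading words to ignore; a real deployment would tune these.
LEADING_NOISE = {"the", "a", "an", "mr", "mrs", "ms", "miss", "dr"}

def normalize(answer: str, kind: str = "text") -> str:
    """Reduce an answer to a canonical form so formatting does not matter."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    if kind == "phone":
        return re.sub(r"\D", "", text)              # keep digits only
    words = re.sub(r"[^\w\s]", " ", text).split()   # punctuation -> spaces
    while words and words[0] in LEADING_NOISE:      # drop "The", "Mrs.", ...
        words.pop(0)
    return " ".join(words)

def enroll(answer: str, kind: str = "text", iterations: int = 200_000):
    """Store a salted, slow hash of the normalized answer, never the answer."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize(answer, kind).encode(), salt, iterations)
    return salt, iterations, digest

def verify(record, answer: str, kind: str = "text") -> bool:
    """Re-derive the hash from the supplied answer; compare in constant time."""
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac(
        "sha256", normalize(answer, kind).encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)

if __name__ == "__main__":
    phone = enroll("(111)-555-1234", kind="phone")     # constructed sample
    print(verify(phone, "111/555-1234", kind="phone")) # same digits: accepted
    print(verify(phone, "555-1234", kind="phone"))     # area code missing: rejected
    villain = enroll("The Riddler")
    print(verify(villain, "riddler"))                  # article and case ignored
    school = enroll("John F. Kennedy School")
    print(verify(school, "JFK Elementary"))            # abbreviation: still rejected
```

Normalization fixes punctuation, case, articles and titles, but it cannot recover a missing area code or equate an abbreviation with the full name, so the question itself still needs one repeatable answer.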

I also think using superlatives is detrimental on two fronts.  First, for those of us who don’t really have a favorite x, it’s hard for us to remember what we picked.  And, for those who DO have a favorite x, it would probably be easier for a “friendly” identity thief to hack the account.  For example, suppose “Bob” really liked a particular musical group, to the point of wearing apparel with their logo, having bumper stickers for this group, maybe a screen saver on a work PC that featured this group, etc.  Now, suppose an unscrupulous friend or colleague decides to hack into “Bob’s” account.  By dumb luck he figures out the user name, “bob_smith,” and clicks “I forgot my password.”  Aha, we’ll reset your password as long as you answer this question.  What is your favorite musical group?  The thief, realizing all Bob’s fandom for this group, simply types in the name, and voilà, he’s in.

I agree with the need to make it harder for identity thieves to break into our information.  But, let’s not go so far as to make it impossible for us to get in there ourselves.
