Online Security ComplaintOctober 19, 2010 -
I’m all for security online, but I am really not a fan of the “security question”.
The security question is often used as a backup for when the user has forgotten the username / password / email address or some other pertinent information. I think it creates more problems than it solves. Some real world examples:
What is the firstname of your sibling (minimum three characters)
I have no idea. He’s my own brother and apparently I don’t know. I call him “AJ” I spell it with two letters… so what did I enter for the bank? A.J.? Not likely. Some nickname? The full spelling of his entire name? I don’t even know how to spell the J-name!
What ____ school did you go to?
Doesn’t matter which school it was; there’s often a gotcha or technicality where I can think of a couple possible names. Then, did I spell the whole school name? Did I put spaces or one long word? Was it the initials? Blimey.
What’s your frequent flyer number?
I’m not really sure what this means, but if it’s what it sounds like; why would I know that off the top of my head?!
I’m writing this after getting locked out of a site that I was trying to give money to. The security answer I gave over a year ago didn’t match with the answer I thought was best. Now apparently I have to call to have my account unlocked. If I wanted to deal with these people on the phone, I would have setup phone payments.
Don’t use security answers: They’re rigid, not memorable for being different across sites and create more problems than they solve.
Categorized in: Personal
This post was written by ArleyM