I’m all for security online, but I am really not a fan of the “security question”.
The security question is often used as a backup for when the user has forgotten the username / password / email address or some other pertinent information. I think it creates more problems than it solves. Some real world examples:
What is the firstname of your sibling (minimum three characters)
I have no idea. He’s my own brother and apparently I don’t know. I call him “AJ” I spell it with two letters… so what did I enter for the bank? A.J.? Not likely. Some nickname? The full spelling of his entire name? I don’t even know how to spell the J-name!
What ____ school did you go to?
Doesn’t matter which school it was; there’s often a gotcha or technicality where I can think of a couple possible names. Then, did I spell the whole school name? Did I put spaces or one long word? Was it the initials? Blimey.
What’s your frequent flyer number?
I’m not really sure what this means, but if it’s what it sounds like; why would I know that off the top of my head?!
I’m writing this after getting locked out of a site that I was trying to give money to. The security answer I gave over a year ago didn’t match with the answer I thought was best. Now apparently I have to call to have my account unlocked. If I wanted to deal with these people on the phone, I would have setup phone payments.
Don’t use security answers: They’re rigid, not memorable for being different across sites and create more problems than they solve.
Ran into this issue a couple of times with managing different accounts for different websites. I despise them!
I TOTALLY agree with you. Did I use capitals? The whole name? Spaces? What was my favourite colour last year? Arrrrgggghhh.
P.S. I like following your twitter account, by the way. I still remember you as the helpful photocopy guy at Mailboxes Etc., and then briefly when I worked at Benjamin James for a week. It’s nice to virtually catch up with you. :)
–Carol_likes_pie
I always find it funny when your computer saves your words you often use as usernames or passwords for these type of security questions. So if someone did steal my laptop and they were asked for…lets say, my favourite colour. When I type in “R” for example nothing shows up “G” still nothing but if I enter “B” it pre populates “Blue”. Anyone could figure that out in 30 seconds if they were using my own computer to hack my stuff. UGH…