Online Security Complaint

I’m all for security online, but I am really not a fan of the “security question”.

The security question is often used as a backup for when the user has forgotten the username / password / email address or some other pertinent information. I think it creates more problems than it solves. Some real world examples:

What is the firstname of your sibling (minimum three characters)

I have no idea. He’s my own brother and apparently I don’t know. I call him “AJ” I spell it with two letters… so what did I enter for the bank? A.J.? Not likely. Some nickname? The full spelling of his entire name? I don’t even know how to spell the J-name!

What ____ school did you go to?

Doesn’t matter which school it was; there’s often a gotcha or technicality where I can think of a couple possible names. Then, did I spell the whole school name? Did I put spaces or one long word? Was it the initials? Blimey.

What’s your frequent flyer number?

I’m not really sure what this means, but if it’s what it sounds like; why would I know that off the top of my head?!

I’m writing this after getting locked out of a site that I was trying to give money to. The security answer I gave over a year ago didn’t match with the answer I thought was best. Now apparently I have to call to have my account unlocked. If I wanted to deal with these people on the phone, I would have setup phone payments.

Don’t use security answers: They’re rigid, not memorable for being different across sites and create more problems than they solve.

Categorized in: Personal

This post was written by ArleyM