Security Questions

I’m not sure what to think about security questions. You know, the things they make you answer when you forget your password.

There are some times when I wonder “why not do away with the password?” If answering a couple security questions is good enough to get a new password, then mabe it’s good enough to replace a password.

And some times I get asked a security question I don’t remember setting up, and there are multiple possible answers. In that case, what’s the fallback if I can’t get the answer right?

After seeing a few too many security questions to which I answered (in my head) “How am I supposed to know that?”, I was inspired to come up with a list of bad security questions.

For those developing login sequences, here are questions that will annoy your users:

  • Who sat next to you in 3rd grade?
  • What was your favorite baby food?
  • How old were you when you got your first tooth?
  • What country were your great-grandparents born in?
  • What was your favorite color in 5th grade?
  • How many second cousins do you have?
  • How old were you when you lost your first tooth?
  • What is your favorite noble metal?
  • How long was your bus ride in middle school?

All of those are things which are ambiguous or I don’t know or they don’t have an answer.

Any other examples of bad security questions?

And when they had taken security of Jason, and of the other, they let them go.

Acts 17:9

Digg Del.icio.us Reddit Stumble Upon

This little article thingy was written by Some Guy sometime around 6:56 am and has been carefully placed in the Technical category.

5 Responses to “Security Questions”

  1. Ricky Anderson Says:

    How many of these terrible questions did I know the answer to?

  2. Bryan Logan Says:

    “Favorite Movie” Geez, I don’t know. I don’t really have a favorite. And it changes when new stuff comes out.

    “High School Attended” – Well, considering the town I grew up in had one high school, I’m sure Matlock could crack the code. Or someone can just look at my resume.

    “Mother’s Maiden Name” – This is so trivial to find now. Thanks Facebook!

  3. Some Guy Says:

    It would be tempting to set the same answer, like “blue” or “steak” or “London”, for everything just so you wouldn’t have to remember what you thought your favorite whatever was at the time you answered the questions.

  4. Erin Says:

    Those questions are horrible. I had forgotten my bank account number but needed it to add a new payment method to an online store. I had TWO questions to answer: What was the color of your first car? and What were the names of your maid of honor & best man? It took 30 minutes of the guy on the phone asking me to be more specific or less specific to get to the final answers. For example, my first car was blue but that is not what I filled out. I still don’t remember but it was one of the following: light blue, sky blue, or pastel blue. I’m not even sure what I originally put down for your name. Oh well, I have the number now.

  5. js Says:

    “It would be tempting to set the same answer, like “blue” or “steak” or “London”, for everything just so you wouldn’t have to remember what you thought your favorite whatever was at the time you answered the questions.”

    I tried this before: create a master security question answer. But at least on the account I tried it, it recognized what I was doing and scolded me, making me try again.

    It’s getting bad now; a recent account I set up made me pick seven different questions to answer. And the account was for something insignificant – not a bank account or anything like that.

Leave a Reply

Comment moderation: please do not submit your comment multiple times, as comments are not posted until I approve them. If your comment never appears, that probably means that I didn't like your comment (maybe off topic, maybe spam, maybe not family-friendly, etc.).