Monday, April 9, 2012

The Problem With the Security Question Prompt

Part of the problem is that, on one hand, many of the questions and answers can be found in databases somewhere (mother's maiden name, high school, etc.). On the other hand, questions whose answers won't appear in any database often have little relevance or permanence for the user (What/who is your favorite ___?).

Riddle me this: What’s a good online security question? (Chicago Tribune)

The woman on the other end of the line was matter-of-fact. "Who is your favorite actor?" she asked.

I froze. Tom Hanks came immediately to mind — versatile, accomplished, serious — but is he my favorite? In truth, all other things being equal, I'd rather see Alec Baldwin on the screen than Tom Hanks, though given that he's mostly a sitcom star these days he might not qualify as the capital-A actor the woman was looking for.

George Clooney? A safe pick, given his two recent Oscar nominations for best actor. But a dishonest pick.

"It varies," I said after a pause. "I can't answer that."

"What about your favorite singer?"

What am I, a teenager? Who has one favorite singer? "No."

"Restaurant you'd most like to visit?"

...an entertaining look at a security challenge and a link to a resource for formulating effective security questions.