Sunday, October 23, 2016

What is the worst account security question?

I take attendance by having the students answer a question.

One of my peeves is very, very stupid account security questions, and the fact that the questions are so ubiquitous that anyone who knows, for example, the street where I grew up (which is by no means secret information!) can get access to a plethora of information. (N.B. I give incorrect answers to such questions on purpose; if you truly are me, you know how I would have answered such drivel.)

What is the worst account security question?

There are many possible stupid questions. I liked and appreciated the students who went the extra distance to make the question truly execrable. My commentary below.

  • What is your dream job?
    What number is Steve thinking of?
    What is the most forgettable thing you can think of?
    (I liked these because the answers will clearly change over time.)
  • How old were you when your first pet died?
    (Not only have you forgotten your password, but now we will force you to remember a sad memory.)
  • What is your password?
    What is your social security number?
    (Well, sure --- look how secure it is! Only someone with the password/SSN can use the security question to access the account!)
  • What color is your soul?
  • What is your favorite childhood memory?
    (I like to imagine that this one requires a full paragraph of answer. Yes, it is case-sensitive.)
  • no account security question
    (Yep, that's pretty bad.)
My favorites ended up being the ones that went for really bad by asking yes/no questions. "Are you human?" ranks pretty highly, but the cake was taken by "Have you stopped drowning kittens yet?" which is not only a yes/no question but also suggests a horrible backstory of the account owner.

This post's theme word is opprobrium (n), "strong criticism" or "public disgrace." Only widespread opprobrium forced the company to modify its website and default account parameters.

No comments: