By wrapping standard bank security questions, like your mother’s maiden name, your first pet, or the street you grew up on
These questions have made me wonder ever since I first saw them. So I want to ask you all:
Do you take them seriously?
Maybe it is a cultural difference, but I could never remember what I have answered to one of them. I don’t even know the true answers to most of them, and even if I know them, I would still not want my bank to know them.
The only way this kind of “security” makes sense to me is when I can freely type in both the question and the answer. Then I choose a question that does not make sense to most other people, only to me personally, and then I won’t ever forget the answer.
As long as you can choose the answer, you can also choose what the question really is. You can just decide that questions about your mum’s maiden name are actually asking you about the last name of the doctor that delivered your firstborn.
Or, better yet, don’t tie security to personal or externally verifiable information about yourself. In the one or two cases, in recent years, where I’ve had to fill out such (in)security questions, I’ve just treated them as additional password fields, where I just create additional fields for them in my password manager, and generate long, random responses as their correct answers. Why yes, my mother’s maiden name is Correct7Horse@Battery!Staple, why do you ask?
I once did that, and had to spell out a 32-character alphanumeric password with special characters over the phone lol
Please tell us the name of that bank, so we can avoid it.
Such hassle…
I guess it means yes, you take that stuff seriously.
Big tech companies don’t accept security questions to log into email. Like you log in correctly, they do the security questions, make you answer them correctly, then still don’t let you in unless you link a phone number, even if you never gave them one and never agreed to.