What is my favorite movie?!!
I asked a colleague once how to answer those silly questions, you know, the ones banks and other sites like to use to reset passwords? They’re used to verify you are, who you say you “were.” Well, my bank at the start of the year had introduced some security enhancements to their site and also required me to choose and answer five questions.
So today, I’m in a hurry and want to login to my bank account before I head off to class and before taking me to my account, it asks me “What is your favorite movie?” Ummm, okay.. What did I put? I completely forgot! My favorite movies change frequently, and I ended up going through Facebook and MySpace profiles to try and remember what my favorite movie could be (I have so many??), and no luck! After about trying fifteen different titles (are the answers case sensitive?), the page displays a notice that my online account has been disabled and call some number to unlock it.
What bullshit! And this happened to someone who’s relatively “security aware” (in my opinion). I felt the frustration so many of our own users feel when they do not remember that stupid, ridiculously hard-to-remember password we make them change every 45 days. The problem is that my bank likes to randomly pick and choose when to ask you these questions. In my case, it was extremely frustrating.
Oh, and almost immediately after I got locked out of my account, one of my instructors had reminded of a quote from my favorite movie.. Want to know what it was?? Yeah, that’s right…
Office Space.
Yeah, I’m not sure why people think asking security questions is a good idea. Maybe for very small instances, it sounds ok, but it scales even worse than passwords and usernames and PINs.
Bank of America asks a set of 5 questions. Bank of Canada asks another set of 5 questions. If you pick the same one for each, you’ve done nearly nothing to combat the fraud that still occurs more than people admit: perpetrated by friends/family that know those answers or can get them.
I also hate those, “Who was your favorite teacher?” questions. That depends on my mood when you ask me…or what I’ve been thinking about recently. And when you’ve been to 12 years of schooling in some good classes and 5 years of college…you get a LOT of choices to muck through!
Sadly, the question I typically pick has to do with my pet’s name or my first dog’s name. I don’t have a pet other than fish and have never, myself, owned a dog. I use my parent’s dog’s name because at least in my mind, that won’t even change. (Mother’s maiden name doesn’t often change either, but I used to get confused because my mom has remarried since I was born, so do I use the original or the second…?)
:) But yes, I universally hate challenge questions unless they can give me the same question every time (or let me write my own). But that’s just not useful.
I say we all move to epic pass poems. Much harder to fake. What attacker memorized all of the Illiad just to steal $20 from my bank account?