The online industry, both banking and retail, appears to be taking our security much more seriously. One trend that appears to be gaining in popularity is the idea of a series of security questions. This layer of caution provides for situations like a forgotten password or logging in from unusual places like Nigeria, Romania or Solihull :) when in fact you live in Portland ... or wherever!
These additional security questions are useful, but I have a real problem with the concept based on one fact ... the questions are too obvious! From the samples I have seen, these questions resemble the kind of things that close friends would always know about you, or even worse, the kind of things people put in a public profile on Live Spaces or MySpace. Here is a sample of useless security questions in order of redundancy:
- Date of birth
- Place of birth
- Favorite food
- High school graduated
- Pet's name
IMHO any question that serves as an ice breaker between strangers or would be found in any reasonable public profile in the Web 2.0 sphere needs to be automatically eliminated as a security question. Certainly, if you have a choice of security questions, avoid the obvious ones!
"There is no other way of guarding oneself against flattery than by letting men understand that they will not offend you by speaking the truth; but when everyone can tell you the truth, you lose their respect." - Niccolò Machiavelli