There might be a lot of problems with the notion of passwords as a security measure, but nothing is worse to me than security questions. These “secret” questions websites ask suck.
Take a look at those security questions for my Comcast account.
I personally have a problem with every one of those.
- First car? Corolla, but I always misspell it by placing two “r”s. So I never use it out of fear I’ll mis-un-mis-spell it.
- Favorite movie? Goldfinger, but sometimes I think Skyfall. And after Bond 24, who knows? It’s not secure, either, because a lot of people know I love the Bond films. You’d have at least a 1 in 23 chance of getting it right.
- Favorite pet? Dayton. But anyone who has known me for ten seconds knows my cat’s name.
- Favorite teacher? I don’t have one.
- Best friend’s name? I don’t have an answer for that.
- Favorite sports team? Sport? I don’t know, the Indianapolis Whogivesacraps™?
- Where did I honeymoon? No where, because I’m not married and the likelihood of that ever happening is increasingly rare.
- Oldest niece or nephew? I don’t have one.
- First company I worked for? Technically it was a nonprofit as I’ve never worked for a company other than my own. Regardless, that’s not secure as 10 seconds of Googling can uncover that answer.
- What is your favorite beverage? Sweet tea, but I never drink it because it’s bad for me and probably causes my kidney stones. So now it’s not so favorite, is it? What’s that leave? Water? Because that’s about all I drink. Also, it’s highly discoverable based on a few minutes of searching.
So what’s a guy to do? I use 1Password as my password manager of choice and I usually just lie and stick in some big 13 character long password of random numbers, letters, and symbols.
When it lets me use symbols, that is. PNC Bank’s system is so weak it won’t let me use an exclamation mark. Which for a bank is absurd. And they have all the same kinds of security questions, none of which are secure and most all of which never apply to me. Comcast won’t allow obscure characters, either.
And most mere mortals can never be expected to drop $70 on a suite of password management apps like I have. Though most people can probably use one of those secret questions just fine, it doesn’t make them more secure, as any number of questions are easily found out and answered by a third party.
By the end of it, I’m left feeling degraded and irritated at my apparent lack of “nothing but work” and no family in life.