Dave Johnson

How Not to do Security Questions

February 12th, 2008

Recently when I tried to log in to my online bank account I was asked the following security question to validate my identity: “What is your favourite television show?”.

Of course, normally I would answer Dallas in a heartbeat; however, I have been watching the Designing Women marathon this week and I am re-living the early romance I had with it.

Needless to say, who comes up with temporal security questions? My favourite X changes from week to week, so just stick to things that don’t change, like your first car, first high school, first wife, etc.

This entry was posted on Tuesday, February 12th, 2008 at 12:32 pm and is filed under grindsmygears, usability.

4 Responses to “How Not to do Security Questions”

  1. Andre Charland Says:

    No doubt, I had the same issue with some weird question at TD the other day. Bottom line was I couldn’t answer it right and it took me about 20 min to jump through the hoops to pay some bills!!! Maybe the HSBC UX talk this week will explain why banks are so stupid sometimes.

  2. Joe Bowser Says:

    Well, that’s the challenge. You can’t ask for static information online anymore because Facebook and/or Google can grab that and you can mine that shit out. For example, identity theft can happen if you ask for what your mother’s maiden name is. I think best practice for security questions is “What is the name of the first family pet?” followed by “What species of pet was it?”

    Sure, they can find out your first pet was Fluffy, but was it a Rabbit? A Cat? A Hamster? Who knows? That’s a good series of questions that you would remember. However, it adds the complexity of having two questions, and not one.

    UX vs Security, the never ending battle. :S

  3. Jason Says:

    With blogs, social networks, and things like ZoomInfo, it’s getting harder to come up with questions that can’t be answered by doing a quick Google search on someone’s name. First cars and relationships are pretty typical fodder for many people’s personal blogs. My sense is that the younger you go, the more likely your MySpace profile is to answer the typical security question set.

  4. Dave Johnson Says:

    Looks like the PayPal developer program uses “favourite pet’s name” as an option.

All contents are (c) Copyright 2006, Nitobi Software Inc. All rights Reserved