Meandering Thoughts

I don't even… Who was my best friend?

Creating accounts online is a chore that each of us has to go through, be it for a bank, shop or some semi-legal website where you can watch your latest fix of Game of Thrones. You fill in a username and password (somehow fulfilling the ever crazier requirements) and the browser does the rest for you (if you are lucky). Pressing submit however does not give you an account: there is more stuff to fill in. This might be your bank details, address, or the dreaded set-up of security questions. Recently, I was setting up a bank account online and I had to choose from the following list (I do not know why they kept misspelling favourite):

  • Where were you when you had your first kiss?
  • What is the name of the band you like most in high school?
  • What was your favorite restaurant in college?
  • What is your oldest sibling’s nickname?
  • What street did your best friend in high school live on? (Enter full name of street only)
  • What was the last name of your favorite teacher in your final year of high school?
  • What was your favorite movie as a child?
  • What was your favorite book as a child?
  • What is your oldest cousin’s first and last name?
  • What was your favorite place to visit as a child?

Some of these questions have answers that are relatively easy to gather online, great security. Yet, a bigger problem is that I do not know the answer to many of these. The favourite questions do not have a clear resonant answer for me: I could probably think of one, however, I might not be able to remember it when I need to, or come to different conclusion…

Another problem is one of consistency. Depending on how my music library is organised at the time, the band I liked the most in high school would be “The Beatles”, “Beatles”, “Beatles, The”. They tried to fix this in the “best friend” question, however I do not know which street he lived on! Three questions remain:

  • Where were you when you had your first kiss? There is probably at least, likely more, one person who knows where this was.
  • What is your oldest sibling’s nickname? She does not have one.
  • What is your oldest cousin’s first and last name? Doable if you have a cousin, but an attacker might reasonable find this out.

This left me with no security question that I knew the answer to and was secure, so what did I do? I had to compromise on security. I’m sure that’s what the bank wants. I don’t even…

By Henk-Jaap Wagenaar.

Last generated: 2022-05-16 15:33