There is only one simple answer to this question- none of your pre-filled “What is your favorite _______ ?” will be appropriate for me. The problem with these questions is that they are either hard to answer for me, or too easy for you to find out by checking out my facebook/twitter/linkedin/whatever social networks. Please, if you are in charge of creating these “security” questions, leave them blank for me to fill in!
If I am forced to pick out of 8 or 10 bad questions, I will end up either making them really easy to answer, or forget the answers to them. Just this evening I was on the phone for over 30 min waiting to reset my account on the system where I could not correctly answer one of these “secure” questions. Where did I spend my childhood summers? Well, I do know where I spent them, but I could not remember which one of the names/places I would have picked a year ago when I signed up for this super secure service!
After reseting my password over the phone, I went into my profile and tried to change the answers. I had to have 3 questions, and these were some of the choices:
Mother’s maiden name- probably the least secure type of question a system can ask. My mother may not have her maiden name on her facebook profile, but yours might.
What is your high school mascot? You could probably find out if you know anything at all about me.
What is your favorite teacher’s name? Seriously? I had a few teachers I really liked, but would be hard pressed to pick one. The answer would be, “it depends”.
What is your favorite movie? Now, I know there are a lot of people out there that have their one and only favorite movie that they have memorized. I actually believe my favorite movie might change over time. What if I see my favorite movie this coming weekend?
What is your favorite show? The same problem as with the favorite movie. Is it all-time favorite? Or is it current season favorite?
You get the idea. Favorite this, favorite that. Best friend, best vacation, best anything. Pet’s name. Either too easy, or too hard. Some people share a lot about themselves online. So please, let me fill in my own security question if that’s the route you pick for making your system secure. Please.