Security by Stupidity


I hate security questions—those idiotic series of questions that pretend to make your web experience more secure. I’m not sure how these so-called security questions can be any more secure than the last four digits of your social security number or your mother’s maiden name. At least, most of us has commissioned those two pieces of information to memory.

The real problem with security questions is that they solicit immemorable personal trivia:

  1. What is the last name of your favorite teacher?
  2. What is the last name of your favorite athlete?
  3. What is the name of your favorite charity?

So, instead of committing 1 password to memory, you now need to commit multiple passwords to memory because security questions are really passwords. If you can’t answer the security question, you can’t access your account—even if you know your password. And, with some web sites requiring users to set-up 3 or 5 security questions, that’s a lot to remember. If you have more than one online account, good luck: 8 accounts that require 3 security questions yields 24 pieces of trivia that you have to commit to memory. For people who cannot even remember their passwords without writing them down, how can they even keep track of all their security questions. The net effect is that all these security questions don’t make your online experience more secure. Instead, by requiring people to jot down more trivia (or else face the risk of being locked out of their account), web sites are making their users’ lives less secure unless their users secure the answers to their security questions.


Leave a Reply

Your email address will not be published. Required fields are marked *