too much typing—since 2003


let's visit the peeve zoo!

Today's entry: "security questions" at websites (such as for credit cards) that ask you personal questions which do not have a unique answer, or whose actual, real, correct answer cannot be used because of a dumbass requirement that the answer have a certain number of characters.

Sorry, but questions like "who is your favorite singer?" and "what's your favorite restaurant?" are terrible "security questions"...because their answers will change over time, and it's very difficult to recall, several years later, what you might have answered years ago. (At least that's true if you know lots of singers or eat out frequently.)

Worse yet, then you choose an option whose answer you're reasonable certain to remember ("what was the first name of your childhood best friend?"; "what was the first name of the boss at your first job?"), and then you can't use them due to the character-number requirement. Sorry - but if someone's name is "Don" or "Li" and no one in the entire universe ever called them "Donald," or there is no longer version of the name, the question is ruled out.

So, in recently filling out one of these in order to pay a card online, it's iffy odds whether I'll remember how I answered whatever their idiot questions were.

Are there people who think the answer to "favorite restaurant" is actually a constant?


125records said...

I've never seen those particular questions. The ones I come across rather frequently are "What street did you grow up on?" and "What was the name of your first pet?"

The whole aspect of passwords on the internet really bugs me. I mean, you need to create a password for EVERYTHING, even if you are buying a polo shirt at Don't most people by now have literally dozens of passwords? And of course you're supposed to change them frequently, and never write them down, and never use the same one twice... when are we going to get those retinal scanner peripherals to hook up to our 'puters?

2fs said...

And of course, no one does change their passwords...because every place requires them (whether they need to or not), and so the insistence on "security" compromises security.

Like most people, I have a handful of passwords I use, of varying degrees of security. The most complex one gets used at the sites I need the most security for (such as my e-mail); the next one at sites that require a bit of discretion...and for sites that shouldn't have passwords at all (like your Lands End example - assuming no credit info is stored), I just use "password." Like I care if someone else reads the New York Times as "me."

yellojkt said...

The pet one is annoying because it is indeterminate. You have to pick a safe answer and stick to it. I hate having to mix letters, numbers, punctuation marks, and bird whistles to come up with a password.