Banks Rushing to Add Security Questions?
Posted on 27 March 2007
It would appear, from my recent online banking visits, that there must be some mandated April 1st deadline for implementing “security questions” — additional security methods to verify identity by asking the user for his favorite song or movie, mother’s birthplace, or similar.
Some of the questions seemed good, most are so vague or unfitting to my life to be useless.
“What was your childhood home’s street number?”
Which childhood home? The one to which I was brought home from the hospital? The one I lived in from 4-8 years of age? The one I started and finished high school in?
My favorite movie? What if I have such ambivalence, even for good movies, that I wouldn’t have an answer for that question?
I assume that this is for some kind of regulatory (governmental or industry-specific) compliance… but is it really making my data more secure for EVEN MORE data being compiled on me somewhere?
If I answer the same question for multiple sites, with the same answer, isn’t that — in itself — a security problem?
I know that the initial reaction from most would be that “at least they’re doing something,” but I don’t really buy into that. Seems to me like a false sense of security, which can, in the right circumstances, be far worse than known-flimsy security.