Seems to me that almost every time I have to answer somebody’s security questions, no unambiguous answer applies (or the question is flawed because there are only a few possible answers). As an example of ambiguity, I can’t choose the one that asks “What street did you grow up on?” either because I lived in seven houses between the age of 3 and 13, or because I grew up on 98th street, which might be spelled the way I just did or spelled out in words (with or without a hyphen) or I might spell out “street” or abbreviate (or capitalize it) or omit it altogether. My grade school, likewise, could be named in a variety of ways, all equally plausible.
But if they let me invent my own question, I could come up with some that are both unambiguous and impossible to guess. I’d choose, say, “what is Arthur’s middle name?” There is only one Arthur I know (and I know him well–he was my best friend growing up) and I know how he spelled his middle name. “What was grandma’s name for you?” likewise. “What was the number of the bus that took you to middle school?” “What was your sixth-grade teacher’s first name?” “Which country was your paternal grandfather born in?” “Which bridge did your dad like to walk to on Saturday?”–I have dozens of questions, and so do you, that I can spell only one way, but which anyone else couldn’t possibly get on fewer than 20 tries.
So why am I stuck with the same standard security questions on every website? Is it a failure of imagination on the IT people’s part? Is there some technical problem in letting people make up their own questions? is it because most people would make up questions that are too easy to guess?
Someone suggested to me that that last question is probably it. "Ya let people make up their own questions and they’ll make up questions that are easy to remember but easier to guess. How many Beatles were there? Who was President before Trump? Like that.
So what I’d do is give people a choice: Use our dumbass questions, OR make up your own (and warn them that it’s easy to guess “Four” and “Obama” to those questions, so come up with something more personal to you.)
How come they do not provide this option?