Those of you whose reactions is “just pick an answer, it doesn’t have to be literal answer to the question, what’s so hard about that?” – I don’t know if I’m impaired or you’re blessed with a rare cognitive skill or we just aren’t communicating.
Question A says “What was your favorite musical group in high school?” Truth is, yeesh I didn’t have a favorite, I didn’t even have one favorite each for rock, classical, and folk. And does Joan Baez count as a “group”? How about Neil Young? So yeah I can “just pick an answer”. Fine: Pink Floyd.
If this were the only web site for which these damn security questions exist, that would work.
But multiply this situation by 100 different companies/organizations and their infernal security questions. Banks, medical offices, places I order fresh produce from for godsake, uber, my own website’s hosting company, my school, the DMV, Costco, the people I order firewood from…
They don’t all ask the same security questions. Worse, they often ask similar but not quite identical questions. “What was your favorite ROCK group when you were a TEENAGER?” Oh my. I didn’t discover Pink Floyd until high school. I was really into Jim Croce back before that, but is that a ‘group’? Yeesh.
After awhile, this is a lot of semi-accurate answers to have committed to memory.
The security folks in IT think this makes everything more secure. It doesn’t – now we’re writing all this mess down somewhere so we can keep track of it.
If we could make up our own questions, it would be a lot more secure. They could bloody well find the storage space for questions as well as answers. It’s not like we’re uploading a 400 MB mp4 of our eyeball reacting to three different lights. The purpose behind all this charade is to make it a lot more secure. Let’s stick with that. What they’re doing now doesn’t work well for us and we defeat the purpose by writing down the answers somewhere, probably in an unencrypted Word file.