Darn Security Questions and the Day I Wished for More Numbers

How many of you have been locked out of an on-line account at least once?  Everyone, right?

It happens after trying too many passwords.  Maybe because SOMEONE was multi-tasking with the caps-lock on.

Of course we can always call and ask the security police to retrieve it.  Two weeks ago I had to do this, and along the way I glimpsed a whole new level of security interrogation.  My experience went something like this:

“Name of your first pet?”

Hmm, I wonder: do I count the Gerry the gerbil, even though he was actually my brother’s?  Or what about the stray tabby we fed every day when we lived in Chevy Chase?  I’m not sure so I settle on “Fritz”, the fluffy French poodle Grandma gave us, who unfortunately only lasted three weeks.  But my security wench with the Indian accent doesn’t like this answer and skips to a question about cars.

“What was your first car?”

Really?  Was I nostalgic when I first answered these questions?  Or did I ever answer them?  Would I count the Buick I secretly drove up and down the driveway at night before I got my license?  Or do they mean the first one I was legally allowed to drive?  No, surely they mean the first one I owned!  But since I did so poorly with Fritz, I go with my first thought: the Buick. She doesn’t like this answer either.  We move on to something more concrete.

“Name of the street you lived on when you were born?”

Seriously?  Do other people remember things like this?  If they do, they definitely aren’t Navy brats who moved three times before they were five.  Hang on, I tell her: I can give my seventy-nine year old father a call and see if he remembers.  But she doesn’t want to wait.

So, she switches modes and I convince her to give me the password anyway.  I’ve failed three out of three but for some inexplicable reason she still thinks I’m legit.  I’m guessing it’s because a.) I don’t sound like a desperate criminal; b.) there’s nothing much of value in my phone bill; c.) she’s goaled on customer satisfaction with no penalty for security breaches.

Can you say, “security failure”?  In fact this illustrates a hugely important concept in security: to be effective, it actually has to work.

Naturally I don’t mind in this case.  But I honestly never thought I’d beg them to use something as simple and concrete as a 16 digit account number (which I have).  If they are going to ask these kinds of questions they need to be much more precise: “What was the name of the Boston Terrier owned by you and your family when you lived on Fourth Avenue in Coronado when you were fourteen?”

Except, we had two of them.



Tags: , , , , ,

Leave a Reply