Off-topic: My father's maiden name is "QWERTY"
I have been paying bills online since 1994. By the mid-1990s I had already set up most of my accounts and things have been routine for years. Until recently.
In the last few months I had to set up several new online financial accounts. Boy, have things changed!
Gone are the days of "your mother’s maiden name" (which is apparently a spent token, along with my date of birth and the last four of my social). The security measures taken "for my protection" have been "elevated" to a whole new level. Now I must answer a series of four to six "secret" questions just to create the account. The systems ask (for my protection, of course) about my mother's, my father's, my spouse's and siblings' first and middle names, the street I grew up on, the schools I went to, the names of my pets, the makes, models and colors of all my cars, miscellaneous important dates in my life, etc., etc., etc. Merely going through the account set-up feels like a full-body scan.
The way I see it, this newish strategy serves two purposes: 1) Serves as a CYA for the service provider, and 2) Shifts the responsibility of securing the account away from the service provider. The obvious unintended consequence of this apparently mass-adopted strategy is that it creates databases chock-full of personal information. How long before these databases are broken into, or sold?
It is clear that the current security "solution" puts a Band-Aid on the problem, while exacerbating it by forcing users to volunteer tons of personal information. I wish I had a better solution (other than the obvious "feed it bogus data or don’t partake").




Privacy... the next frontier. A similar frustration of mine is when I sign up for the latest and greatest geo service. Now, this is something that really isn't that important to me, but very important to the creator, to such a degree that they deem the user must provide a super cryptic:
Pa$$w0Rd_With_M0r3_Th4n_15_Ch4r4ct3rs!
On a marginally more related note, in the office we have to answer 'Our favorite historical person' when on the phone to IT support; in an open office we frequently hear:
Martin Luther King
Florence Nightingale
Sterling Moss
Winston Churchill
...wonder what they could be?
In most cases users are not REQUIRED to answer these questions truthfully, yet most people do anyway. The real issue is that these pseudo-security measures point to (and in a way contribute to) a giant security hole waiting to be exploited.
Example: Do the answers to these "secret" questions have an expiration date (like passwords for many networks) or do they provide a permanent link to my identity?