БƗƗҚ.25 // What is Your 3rd Grade or Favorite Teacher’s Name?
Reconsidering the Internet Security Question
Like you, I spend a lot of time logging in. And while LastPass and two-factor authentication have mitigated the utter chaos of my early 2000s password management habits, I still have a bizarre password-related experience on a weekly basis. Most recently it was United Airlines forcing me to answer a whopping five new security questions, including a dropdown-style “who is your favorite artist?” question with a pool of 65 possible answers (only five of whom were women but who is even counting anymore).
The whole concept of security questions is pretty flimsy, as it effectively boils down to “please give us a secure password but don’t worry if you forget it because there is a much less secure way that you can still access your account”. Oftentimes, what is memorable to us is not particularly secure, and what is secure is not particularly memorable. With this in mind, the best way to answer a security question is by treating it as just another password field and responding with a random string of characters or some long phrase like “correct horse battery staple”. But where’s the fun in that? I believe that if a few rules are followed, we can reinvigorate the internet security question as a vital and pain-free component of our online security life.
So here for your consideration I humbly submit a list of potential security questions that would increase account security as well as personal introspection. If you’d like, you can give the questions a test drive in this Google Form (anonymously, of course).
Rule #1: The Answer To A Good Security Question Is Not Easily Guessable.
First, a good security question should be something that you keep secret and is not easily guessable by a stranger. Your father’s middle name, the town your parents met in, and the last name of your fifth grade teacher are each easily discoverable with only basic biographic information. To this end, you’ll sometimes see forms that swing hard the other way with up-close-and-personal questions like “who did you share your first kiss with?”. But I say why stop there? If the goal is to elicit something that you’ll always remember but never tell anybody else then let’s just go for it:
What was the name of the childhood stuffed animal that you occasionally sexualized?
What physical ailment reminds you of your own mortality on a weekly basis?
What is the most clever place that you hide cash in your house?
Who ripped the worst fart you ever smelled?
What invisible lunch did your parents pack in your invisible knapsack?
How do you personally reconcile the presence of a loving god with so much suffering?
Rule #2: A Good Security Question Has a Single Answer.
Next, a good security question should have a single answer. There are very few people who would have a single memorable answer to the question “What is the name of a college you applied to but didn’t attend?” Likewise with subjective questions like asking the last name of your favorite friend: I think different friends are the funniest for different reasons. Nearly every question in the list above could yield multiple answers, unlike the following:
What was the most disappointing TV series finale you ever watched?
What song or movie do you most strongly associate with losing your virginity?
What global leader would you most like to see tried for war crimes in The Hague?
On a scale of 1-10, how certain are you that, if she wanted to, Rose could have made room for Jack next to her on the floating debris once the Titanic sank?
In which of the many countries whose democratically-elected government has been overthrown by the United States would you be most interested in spending a two-week beach vacation?
If Train A left City Z traveling southwest at 225 miles per hour, how do you know that we are not in the United States?
Rule #3: The Answer To A Good Security Question Does Not Change Over Time.
Third, a good security question should ask something that will not change over time. The “favorite” questions are particularly bad at this, as my favorite food, favorite holiday, favorite movie, and favorite sport change on a weekly if not daily basis. So what are some questions that yield an answer that won’t change over the course of your lifetime?
In what city or town did you first poo/pee yourself as an adult?
In what year did you realize your childhood dreams would never be realized?
What sugary cereal would your mom not buy so you had to go to your friend’s house to eat?
What nursery rhyme continues to invoke melancholy whenever you hear it?
What were you eating when you heard that Prince died?
Consider the biggest unresolved fight that you ever had with a friend: why were you right?
Rule #4: A Note on Multiple Choice Questions
Finally, you’ll sometimes encounter a dropdown list rather than a blank entry field. In general, my biggest grievance with dropdown lists is that they rarely draw from a full set of answers. What did I want to be when I grew up? Well, I wanted to be a fire truck but I don’t see that as an option. So, in my opinion, if you’re using a dropdown list you need to ensure that you’re asking a question that can draw from a comprehensive and discrete set of answers. For instance:
If you were trying to impress somebody, which letter of the alphabet would you bring as your date to a party?
Which member of the 1995-96 Chicago Bulls would you be least surprised to see appear in a nightmare?
Which Ninja Turtle is the best?
Who was the hottest 9/11 hijacker?
If you were to lead a gang of dogs in a post-apocalyptic world, which of the seven American Kennel Club-recognized breed groups would you be most interested in populating your gang from? (make sure to consider everything you would need in a post-apocalyptic world: protection, emotional support, food gathering, etc.)
While they are each essential, which of the nine essential amino acids have you always told yourself that you’d be fine without?
In your opinion, which of the 76 trombones that led the big parade had the best overall performance?
Thanks for reading,
– Grif