Most people don’t realize the value of the answers to their personal security questions (Citrix Password Manager calls this Question Based Authentication). As it turns out, those answers are more valuable than passwords. If someone learns enough answers to your personal security questions, they can very often reset your password and gain access to your accounts. Yes, that includes your online bank account, and it’s a very real problem. In fact, I have a friend so paranoid about this that he swears his favorite color is “three.”
Some of the issues around personal security questions are kind of interesting. For example, I’ve dealt with customers where personal privacy of employees is a big consideration in selecting the questions. Let’s call that one “sensitivity”. Another issue is what I’ll call “changeability” – your favorite movie may change from month to month. Then another issue is what I’ll call “detectability” – my place of birth is public record, if somebody happens to know where I was born and what my maiden name was. Both of those are completely unguessable in my case so I am probably safe on that problem.
Then there is always my favorite, “guessability” – there are only so many colors, even if you count teal and puce.
We can’t forget the punctuation marks either. Tricky to remember whether I indicated a teacher’s name as Mrs. Winters, Ms. Winters, Mrs Winters or Ms Winters when I signed up for a web account. Have to be careful on that one.
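One way a system can take the punctuation problem off the user's hands, shown as an added example that is not from Citrix Password Manager: canonicalize each answer before hashing it, so that “Mrs. Winters” and “Mrs Winters” verify the same while “Ms Winters” still does not. The function names and the PBKDF2 parameters are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import re
import unicodedata

PBKDF2_ROUNDS = 200_000  # assumed work factor for this illustration


def canonicalize(answer: str) -> str:
    """Fold case, punctuation and spacing so trivial spelling variants match."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    text = re.sub(r"[^\w\s]", "", text)   # drop punctuation such as "." or "'"
    return " ".join(text.split())         # collapse runs of whitespace


def _derive(answer: str, salt: bytes) -> bytes:
    data = canonicalize(answer).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha256", data, salt, PBKDF2_ROUNDS)


def enroll(answer: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) to store instead of the plain-text answer."""
    salt = os.urandom(16)
    return salt, _derive(answer, salt)


def verify(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of the candidate against the stored digest."""
    return hmac.compare_digest(_derive(candidate, salt), digest)


if __name__ == "__main__":
    # Constructed sample: the teacher's name as typed at sign-up.
    salt, digest = enroll("Mrs. Winters")
    for attempt in ("Mrs Winters", "  mrs.  WINTERS ", "Ms. Winters", "Ms Winters"):
        print(f"{attempt!r:22} -> {verify(attempt, salt, digest)}")
```

Canonicalization removes the punctuation and capitalization variants, but a different title is a different answer, so the Mrs/Ms distinction still depends on the user's memory.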
We are finding that the more flexibility you can allow the better on these personal security questions for CPM. Let companies write their own personal security questions that are more obscure than place of birth. Let people choose between a number of security questions that they find unique and easy to remember.
In fact, I’d love some comments on pet peeves and helpful suggestions on personal security questions!