“Do one thing every day that scares you.” - Mary Schmich
What scares me the most? Right now, it’s security challenge questions on a website, that’s what.
I pride myself in being up for a good challenge, but lately, these experiences have almost broken me!
So I’m logging into my bank’s website to pay my Verizon bill, which needed to be scheduled ASAP.
I’m short on time and I’m a little cranky as I haven’t had my coffee yet, but this is the exact moment when my bank decided to roll out their new security challenge questions. Meaning I was blocked from accessing my account until I completed the questions. (One of those “not now” options would have been ideal, so I could come back at a more convenient time.)
I can understand a security question. After all, it is my bank and I really do appreciate what they’re trying to do. Or even two security questions. But I had to complete three, and most of the choices were awful.
Favorite board game? Favorite tool? Favorite vacation destination?
My favorite actor? Well that used to be Al Pacino for the longest time, but right now, I’m totally into Christian Bale. My least favorite vegetable? Currently cabbage but I’m pretty sure I’d hate kale even more if I ever made the mistake of eating it.
Like I said, I’m willing to give my bank a little grace on this one, even through their deployment of the security challenge questions messed with the mojo of my day.
But now imagine a similar scenario except this time you’re prevented from booking a flight after being stranded out of town due to weather. I mean come on, even my BANK didn’t do this to me!
I had to complete FIVE security challenge questions to access my frequent flier account.
The awful questions are back, but this time they’re a whole lot more obscure -- Favorite cold-weather activity? Favorite sea animal? How about “staying inside,” and “whichever one is on my plate,” LOL.
Seriously, challenge questions are of dubious value in securing websites these days. If they’re required for your website, be sure to stick with objective questions that have singular answers.
Most importantly, let users supply their own answers. Think, “Mother’s maiden name” but be more inventive, since the bad guys have surely accumulated that bit of data on most of us by now.