Wednesday, March 18, 2009

Security questions--remembering what you remembered

I can't think of a greater user experience failure than those online security questions that are so baffling and stupid that they lock out their owners rather than the bad guys. Last night I tried to log in to my ING savings account after a few months of inactivity. "Enter your customer number." So far so good (thank god Gmail has impeccable search functionality). "Our records show that this computer is unregistered. Please answer the following security questions to proceed." First up--"What high school did you graduate from?" Now, I know full well that I graduated from Plano East Senior High. What I no longer know/remember is how I typed in this school name when setting up my security questions two years ago. "Plano East Sr High" doesn't get me anywhere, and "plano east senior high" exceeds the character limit so that can't be it.

Next up, "What city were you born in?" That's easy, I say. Gomel, Belarus (You can't see it from Alaska, in case you're wondering). I type in "gomel", praying that the security question validator is not case-sensitive and that I didn't put in the country and the city together during setup. Turns out I will never know the correct answer to these questions, because I get "either one or both" of them wrong and am taken to a judgmental screen where I have to validate 97 things about my identity. Good times. Luckily I succeed because the answers are all numerical-based and there's no cause for ambiguity.

But the fun doesn't stop there. "We noticed you had some trouble with your security questions. Please update below." Now I'm forced to select 5 NEW security questions from a drop-box list of 10. Half of these don't even apply to me, such as "Where did you go on your honeymoon?" (I'm not married) and "What is your mother's middle name?" (we Russians don't have middle names). So now I'm left with a big list of crap and ambiguity--"What was the color of your first car?" sounds easy enough, until I remember there was much dispute on this topic among my friends and relatives, some claiming my '92 Mitsubishi Galant was blue, some insisting it was gray, and some saying silver. (In reality it was a cool metallic hue that definitely contained all three of these). Now, I don't need to know what color my car actually was--I need to know what color I will most likely remember entering in to a security question months or years from now. Chances of this having a happy ending? Not high. Next up--"What city was your first job in?" Again, who the hell knows? Not me. First my mind jumps to my first official job out of college, at Yahoo in Sunnyvale, but then I remember that I had a paid internship right before that at a software company, and then memories of all my summer jobs during high school in Texas come rushing back...

Ok, so I may not be the most mentally stable person, and my tendency to over-analyze things to death isn't helping, but come on, are we really expected to remember not only the facts but also our interpretation of those facts several years ago when we set up these damn questions? In the words of my wise friend Lizzie, choosing a password and answering security questions are like writing a note full of inside jokes to your future self, and hoping that you'll get them.

When I voiced my frustrations to my boyfriend, he insisted this was a "female problem" and that boys' minds are much simpler and more steadfast. I think anyone remotely analytical and with a triple digit IQ score would have a problem with "what is your favorite movie?" as the access gatekeeper to his/her entire credit history. Let's see.. 15 years ago it was The Little Mermaid, 10 years ago it was a tie between Clueless and Encino Man (j/k..maybe), 5 years ago it was probably Shawshank Redemption, and now it changes daily. Unfortunately, my punishment for periodically changing my mind is that my credit card account is about as easy to access as the Pentagon.

So in summary, if the geniuses who make up security questions could start thinking like human beings and stop including words like "favorite", I would sleep much better at night (and stop having to keep my important passwords and security question answers under my pillow).

5 comments:

  1. i thought that your favorite movie 10 yrs ago was blast from the past - another brendan fraser classic, of course...

  2. If only you could write your own security questions then you could just ask yourself stuff that you would never forget like "What member of the hit TGIF show Boy Meets World did you briefly stalk?"

  3. haha. Michael Li, it's scary how you know me better than I know myself.. Sean/David, that's the most brilliant idea i've heard in months. Why don't they just let us choose our own questions and answer them? Yours could be "What was your favorite Russian palindrome in high school?"

  4. Haha, I'm bored at work so I am reading your blog. This happens to me all the time. I can't even get into my ING account because I think one of my questions is "In what city was your mother born?" And of course she was born in a small village in Thailand. So, did I put the village, or the province? Which province was it ... Surat Thani (one word? two?) or Nakhorn Si Thammarat? And, how the hell did I spell these cities? Did I sound them out myself, or did I spell them the way the Thai government translated them into English? The way Google or Wiki spells it? Needless to say, I didn't get it, and I'm too lazy to take the steps to reset.

  5. This reminded me of you: http://xkcd.com/565/
