Posts tagged “reminder”

Forty Useless yet Creepy Security Questions

Inspired by the passionate critiques I read at Authentical, here’s mine. Today, a horrific experience establishing an online account with a State of California website. Although creating a new account is almost an automatic activity at this point, I had to try 5 times to create both a username (which had to have letters and a number, and be between 8 and 12 characters) and a password (which had to have letters both capital and lowercase and a number, etc.) that would work. I’m not sure how that ended up being hard for me, but it did.

But the hysterical part was the security questions. This site required me to set up answers to four security questions. My use case for the security questions is for those situations where I can’t remember which particular configuration of password I used and I need to get a reminder or reset it. Isn’t that everyone’s case? So we need the reminders to be unambiguous. Fact-y type things like the standby Mother’s Maiden Name, or first pet’s name, etc. are pretty common. Obviously, if they are unambiguous, they can be broken. Somewhere someone can find out your first pet’s name. It won’t change. It’s objective.

These questions are much more personal and I suppose thus are less easily divined by an intruder. But the answers are far from immutable. I had absolutely no confidence I could come up with four questions that I would answer the same way 100% of the time. Even if I could fake out my future password-forgetting self by agreeing with him that I would say the Rolling Stones are my favorite band regardless of any wavering in my fandom, I couldn’t successfully negotiate the dialog. What was my dream job as a kid? Well, at one point it was stuntman, then actor, then writer, and I think even director (let’s leave the armchair shrink out of this for now, shall we?). If I put stuntman now, what will I remember when I forget my password?

The Four Questions









Taking those sets of questions away from the context of the registration process, I find them quite creepy, evoking some intimacy that doesn’t exist between me and the government website, or those Facebook memes cum virii where your friends exhort you to answer a random set of personal questions and then get other people to do the same.

Note: there are some wonderful satirical examples of bad security questions on Twitter under #BankSecurityQuestionsIdLikeToSee.

ChittahChattah Quickies

  • American Idol sponsor AT&T sends text-message ads for upcoming season – Note that they included an opt-out and only targeted heavy texters and previous voters. But this quote from the article is the best: "Mark Siegel, a spokesman for AT&T Wireless, said the message was meant as a friendly reminder." Do companies really believe that advertising – especially intrusive text ads that were not opt-in – are "friendly reminders"? That's Pentagon-level rhetoric!

Library rhetoric

Here’s a nice bit of rhetoric from my local library (sent via email – a nice feature)

Subject: Courtesy Pre-Overdue Notice from Your Library

94037 PORTIGAL, STEVE L

The item(s) listed below are due back soon. This courtesy notice does not list everything currently on your record, just those items that are due in the next few days. http://catalog.plsinfo.org For questions, please call your local library.

Pre-Overdue? That’s just ludicrous. And insulting. It places the customer’s actions into the category of prohibited, suggesting you are already a violator.

Are we pre-violating the speed limit by driving 2 mph under? Are airline travellers potential terrorists?

For all the protestations about protecting liberty in the face of the Patriot Act we’ve heard by librarians, you’d think the library culture would be a bit more sensitive to the impact of their language choices (being a library, and all that, dealing with words as their primary item of exchange). Screw you, library, for telling me I’ve almost committed a violation. My books aren’t due until they are due, and don’t treat me like an overdue-book-holding-patron until I reach that point.

(chances are this is an automated feature of some IT purchased by the library system by some vendor, where neither the customer (the library) nor the software company gave any thought to thinking about design, brand, communication, customers, etc. but They Love Infrastructure and Cost Savings, so off we go. Yuck).
