A couple of years ago a few sites started collecting answers to a few personal questions. The idea was to strengthen security by integrating a few personal questions to the authentication process. It also would help unlock accounts in case users forgot their passwords. After all the questions were private enough that only the account owner would know the answers.
Nowadays it seems like every site is requesting personal and private information as a means of beefing up security. But I wonder if the security proposition is any longer valid.
You've seen these questions before:
- What is your mother's maiden name?
- What is your favorite pet name?
- What street did you grow up on?
- What was the name of your elementary school?
- What city were you born in?
- What was your first car model?
With so many sites storing so much personal information about you, is your privacy and security any longer assured? What guarantees do you really have that these responses will remain private and out of reach of prying eyes? Who knows what kinds of people have access to these responses. Are the responses encrypted? Are they shielded from the companies' personnel? Are they safe from hackers and snoops? Besides how secure can these responses be when so many people choose to reveal personal information on their blogs, forums, or Facebook accounts?
Most likely these responses are given less protection than login names and passwords as they are generally the second line of defense in authenticating users. Once site operators have access to these private responses, it won't be too difficult for one bad apple to use them to gain access to your other accounts. Some guesswork and social engineering is involved but since when that stopped determined account thieves.
Maybe I'm just too paranoid, but it seems to me that the enhanced security gained through personal responses is just an illusion and the convenience of password recovery is not worth the risk. In fact it may be worse than just the traditional login and password. At least you are not giving away personal details about your life to some faceless site. Nor will your accounts be compromised on the basis of a few answers which may be easily obtained on Google.