• (cs)

    For years I have been absolutely frustrated by these "Security Question" schemes. Working in a DoD environment, I am faced with this lunacy on a regular basis.

    I much prefer the option to create my own question.

    My particularly annoying favorite is the "canned" question: 'What is your favorite sports team?' I HAVE NO INTEREST IN ANY SPORT AND CANNOT NAME EVEN ONE TEAM!! I am forced to answer such questions with the word 'team'. Or, better, "What is your brother's name?" I am an only-child!!!

  • (cs)

    I like all of those vegetables.

  • The Poop... of DOOM! (unregistered)

    They're not even secure. It's the kind of stuff that causes 14-year old kids to whine about their Msn-account being "hacked". Some classmate of theirs knows their pet's name, fills it in and tâdaa! Access! There's simply no point, from a security point of view, to these questions.

    Now I'm reminded of that time Sarah Palin's Yahoo account got "hacked" because some kid found the answer to her "secret question" on her Wikipedia page.

  • Anonymous Cow-Herd (unregistered)

    "What is your least favourite comment?"

    I guess for most people it would be this one. Still, at least they didn't use reCAPTCHA - these days I have to reload it at least three times before I get a check word that I can actually read.

  • Machtyn (unregistered) in reply to ParkinT

    What is your brother's name? I only have sisters, you insensitive clod!

    Yes, a security scheme where the answers are finite wouldn't take long to break. For customers that complained, perhaps they could give them a single preselected question with a single drop-down answer.

  • trtrwtf (unregistered)

    I think this would have made more sense if the username and password were also in a drop-down. You know, for consistency.

  • csrster (unregistered)

    "What is your least-favourite security question?"

  • (cs) in reply to ParkinT

    "What is your least favorite Web site?"

  • BlackBart (unregistered) in reply to ParkinT
    ParkinT:
    Or, better, "What is your brother's name?" I am an only-child!!!

    Actually, these make great security questions when you make up an answer (and either make it memorable to you, or record it somewhere). No one could ever guess it then.

  • QJo (unregistered)

    The real WTF is including neither cabbage nor spinach in the answers list.

    What may have happened is that the programmer who originally put this together was given the specification: "Set up a screen with 5 security questions on it. Don't worry about the content - we'll decide that later."

    So off he goes and puts together the screen. In order to ensure it functions adequately (emphasis on the "adequately") he pulls a bunch of questions out of midair ("Don't worry about the content ...") and bangs in any old rubbish answers.

    The final step of the process (i.e. to provide the actual questions and answers) was completely forgotten. Or perhaps the less-than-fully-aware person who specified this system only at that point realised what a difficult job it is inventing five security questions complete with difficult-to-guess answers, and sort of quietly ignored it.

    IMHO the person who wrote the specification deserves to lose their position in the company, and preferably be removed from the company completely.

  • QJo (unregistered)

    Question: "What is your favourite leisure activity?" Answers: (selectable via drop-down): "Sex" "Eating sick" "Walking to work in the rain" "Visiting the mother-in-law" "Wrapping brambles round your legs"

    Nobody will guess the correct answer.

    Here's another good one:

    "What's your favourite TV program?" Answers: "Teletubbies" "Play Away" "Play School" "Watch With Mother"

  • (cs)

    Cauliflower! I really hate cauliflower.

  • (cs)

    "What is your favorite melon?"

    I appreciate melons of all shapes, sizes, and colors as long as they're not artifical, and they aren't doing an impression of a banana.

  • eVil (unregistered)

    I like Angelina Jolies left melon the most.

  • (cs) in reply to Machtyn
    Machtyn:
    What is your brother's name? I only have sisters, you insensitive clod!
    TDWTF is no place for /. memes you insensitive clod!
  • (cs) in reply to frits
    frits:
    "What is your favorite melon?"

    I appreciate melons of all shapes, sizes, and colors as long as they're not artifical, and they aren't doing an impression of a banana.

    Or a pancake.

  • The Corrector (unregistered)
    TFA:
    Apparently enough users an executive disliked answering security questions on a virtual keyboard to the point that they had threatened to take their business elsewhere fire employeees and, when compared to losing customers there jobs, investing in a site redesign made more sense.
    FTFY
  • (cs)

    Simple solution: editable combo box.

  • boog (unregistered) in reply to eVil
    eVil:
    I like Angelina Jolies left melon the most.
    Who cares?
  • Someone from the '90s (unregistered) in reply to eVil
    eVil:
    I like Angelina Jolies left melon the most.
    How soon we forget Pamela Anderson, Queen of the Internet.
  • The Poop... of DOOM! (unregistered) in reply to boog
    boog:
    eVil:
    I like Angelina Jolies left melon the most.
    Who cares?
    I do.

    Pray, good sir, tell me more about this particular melon.

  • Anonymouse (unregistered) in reply to frits
    frits:
    "What is your favorite melon?"

    I appreciate melons of all shapes, sizes, and colors as long as they're not artifical, and they aren't doing an impression of a banana.

    I was wondering about favourite melons too. As far as I know there's only 'melon', except for the botanists out there.

  • (cs)

    My favorite: they give you questions, you answer with correct and/or hard-to-guess responses, expecting that the login security system will query you with a text-box. [Not good, but it's a system you're required to login to, soo....]

    Instead, you get this:

    Q: What is your favorite sports team? Dropdown with:

    1. New York Yankees
    2. Boston Red Sox
    3. Los Angeles Dodgers
    4. Chaminade Silverswords

    Hmmmm, which one did the "clever" user create?, and which ones are system's decoys? Hmmm...

  • The Poop... of DOOM! (unregistered) in reply to Anonymouse
    Anonymouse:
    frits:
    "What is your favorite melon?"

    I appreciate melons of all shapes, sizes, and colors as long as they're not artifical, and they aren't doing an impression of a banana.

    I was wondering about favourite melons too. As far as I know there's only 'melon', except for the botanists out there.

    1. Watermelon
    2. Cantaloupe

    There's also a cantaloupe that's rugbyball-shaped. That makes 2,5 - 3 types. Plenty enough to be secure and near-impossible to brute force it.

    Captcha: Ingenium. This system of security questions about melons is ingenium!

  • QJo (unregistered) in reply to The Poop... of DOOM!
    The Poop... of DOOM!:
    Anonymouse:
    frits:
    "What is your favorite melon?"

    I appreciate melons of all shapes, sizes, and colors as long as they're not artifical, and they aren't doing an impression of a banana.

    I was wondering about favourite melons too. As far as I know there's only 'melon', except for the botanists out there.

    1. Watermelon
    2. Cantaloupe

    There's also a cantaloupe that's rugbyball-shaped. That makes 2,5 - 3 types. Plenty enough to be secure and near-impossible to brute force it.

    Captcha: Ingenium. This system of security questions about melons is ingenium!

    Wikipedia (bless its heart) has 24 different melons listed. Of those, I've heard of four of them (and I used to work in greengrocery).

    You wonder whether you may not be allowed to open an account with this bank until you have tried them all to ascertain what your favourite one is.

  • (cs) in reply to eVil
    eVil:
    I like Angelina Jolies left melon the most.
    Filed under: Oddly Specific
  • TooSoonASys, She Says... (unregistered) in reply to QJo
    QJo:
    Wikipedia (bless its heart) has 24 different melons listed. Of those, I've heard of four of them.

    You wonder whether you may not be allowed to open an account with this bank until you have tried them all to ascertain what your favourite one is.

    That's what I keep telling my wife, but she just doesn't understand.

  • (cs) in reply to TooSoonASys, She Says...
    TooSoonASys:
    QJo:
    Wikipedia (bless its heart) has 24 different melons listed. Of those, I've heard of four of them.

    You wonder whether you may not be allowed to open an account with this bank until you have tried them all to ascertain what your favourite one is.

    That's what I keep telling my wife, but she just doesn't understand.
    Blow up dolls rarely understand anything.

  • (cs)

    What is entropy?

  • Ex hubby (unregistered) in reply to frits
    frits:
    Blow up dolls rarely understand anything.
    But neither do they misunderstand, so if I could go back in time ...
  • UrzaMTG (unregistered)

    Would it be better or worse to return to free-text answers, and then not prompt mobile users for a security question at all? This is what my bank does.

    P.S. What does it take to get an account approved around here? Sheesh...

  • Mr Keith (unregistered) in reply to Anonymouse

    "What is your favorite melon?"

    The kind wrapped in prosciutto.

  • (cs)

    It's well known that web developers have problems with insecurity.

  • Slartibartfast (unregistered)

    I usually simply choose any security question at random and enter a large string of randomly typed characters into the text box (well, in case there IS a text box!), one of the kind that nobody including me could possibly remember, effectively taking this whole stupid "security" concept of asking questions out of the equation completely.

    The thing is - typically, these systems are used as a measure to retrieve/reset lost passwords, thus they actually weaken security, no matter how well they are designed. But: I never forget my passwords, at least not those for important logins which I need to use regularly and cannot just easily replace with a new one like on a seldomly used account on some bulletin board or whatever. So I don't really have any need for "lost-my-password" functionality, and especially not if that critical side entrance to my account is guarded by questions like "Who was your favourite teacher?" which could be answered by at least 20 classmates from good old school times.

  • (cs)

    Wow, 5 dropdowns and maybe ten possible answers each is about 10^5 combos, which is approximately 17 bits. Talk about secure.

  • (cs)

    Ahh, those gawd-awful "security" questions.

    I recently registered for an account on a site that allowed the user to pick from a set of canned questions. I was able to pick four different questions with the same answer.

    Re: Making up a unique, non-guessable, secure answer and saving it: If users could do that correctly, they'd remember their passwords, and wouldn't need security questions, wouldn't they? Maybe the best option is a checkbox that says "I solemnly swear to never forget my password so please don't open a backdoor into my account"

  • QJo (unregistered) in reply to RichP
    RichP:
    Ahh, those gawd-awful "security" questions.

    I recently registered for an account on a site that allowed the user to pick from a set of canned questions. I was able to pick four different questions with the same answer.

    Re: Making up a unique, non-guessable, secure answer and saving it: If users could do that correctly, they'd remember their passwords, and wouldn't need security questions, wouldn't they? Maybe the best option is a checkbox that says "I solemnly swear to never forget my password so please don't open a backdoor into my account"

    Another useful security technique for the feeble-minded which is (if not perfect) better than the silly-question one is the "Forgot your password?" button which results in the site in question emailing a new temporary password to your email account. Yes I know it's not perfect, because you need to remember a password to access your email.

  • QJo (unregistered) in reply to Slartibartfast
    Slartibartfast:
    I usually simply choose any security question at random and enter a large string of randomly typed characters into the text box (well, in case there IS a text box!), one of the kind that nobody including me could possibly remember, effectively taking this whole stupid "security" concept of asking questions out of the equation completely.

    The thing is - typically, these systems are used as a measure to retrieve/reset lost passwords, thus they actually weaken security, no matter how well they are designed. But: I never forget my passwords, at least not those for important logins which I need to use regularly and cannot just easily replace with a new one like on a seldomly used account on some bulletin board or whatever. So I don't really have any need for "lost-my-password" functionality, and especially not if that critical side entrance to my account is guarded by questions like "Who was your favourite teacher?" which could be answered by at least 20 classmates from good old school times.

    +1 QFT

  • QJo (unregistered) in reply to RichP
    RichP:
    Ahh, those gawd-awful "security" questions.

    I recently registered for an account on a site that allowed the user to pick from a set of canned questions. I was able to pick four different questions with the same answer.

    Re: Making up a unique, non-guessable, secure answer and saving it: If users could do that correctly, they'd remember their passwords, and wouldn't need security questions, wouldn't they? Maybe the best option is a checkbox that says "I solemnly swear to never forget my password so please don't open a backdoor into my account"

    ... or, to put it more bluntly: those who are too stupid to be able to remember a password but who still believe in on-line banking deserve to have their bank accounts ransacked.

  • N (unregistered) in reply to QJo
    IMHO the person who wrote the specification deserves to lose their position in the company, and preferably be removed from the gene pool completely.

    Here: fix'd that for you.

  • Andrew (unregistered) in reply to The Corrector
    The Corrector:
    TFA:
    Apparently enough users an executive disliked answering security questions on a virtual keyboard to the point that they had threatened to take their business elsewhere fire employeees, and , when compared to losing customers there their jobs, investing in a site redesign made more sense.
    FTFY
    FTFY
  • (cs) in reply to The Corrector
    The Corrector:
    TFA:
    Apparently enough users an executive disliked answering security questions on a virtual keyboard to the point that they had threatened to take their business elsewhere fire employeees and, when compared to losing customers there jobs their jobs, investing in a site redesign made more sense.
    FTFY
    FTFTFY.
  • trtrwtf (unregistered) in reply to Anonymouse
    Anonymouse:
    frits:
    "What is your favorite melon?"

    I appreciate melons of all shapes, sizes, and colors as long as they're not artifical, and they aren't doing an impression of a banana.

    I was wondering about favourite melons too. As far as I know there's only 'melon', except for the botanists out there.

    You crazy or sumpin'? There's watermelon, and, um, firemelon and earthmelon and airmelon. So that's at least four.

  • Anon (unregistered) in reply to Raedwald
    Raedwald:
    ts Wren?hi toypa

    FTFY

  • Anon (unregistered) in reply to eVil
    eVil:
    I like Angelina Jolies left melon the most.

    I used to, but not anymore. It knows what it did...

  • The Poop... of DOOM! (unregistered) in reply to trtrwtf
    trtrwtf:
    Anonymouse:
    frits:
    "What is your favorite melon?"

    I appreciate melons of all shapes, sizes, and colors as long as they're not artifical, and they aren't doing an impression of a banana.

    I was wondering about favourite melons too. As far as I know there's only 'melon', except for the botanists out there.

    You crazy or sumpin'? There's watermelon, and, um, firemelon and earthmelon and airmelon. So that's at least four.

    And heartmelon! And if all five of them combine, you get Captain Melon!

    Oh wait, airmelon should be windmelon then... Crap

  • (cs) in reply to trtrwtf
    trtrwtf:
    Anonymouse:
    frits:
    "What is your favorite melon?"

    I appreciate melons of all shapes, sizes, and colors as long as they're not artifical, and they aren't doing an impression of a banana.

    I was wondering about favourite melons too. As far as I know there's only 'melon', except for the botanists out there.

    You crazy or sumpin'? There's watermelon, and, um, firemelon and earthmelon and airmelon. So that's at least four.

    So the fifth melonment is Melon Jovovich, right?

  • trtrwtf (unregistered) in reply to frits
    frits:
    trtrwtf:
    Anonymouse:
    frits:
    "What is your favorite melon?"

    I appreciate melons of all shapes, sizes, and colors as long as they're not artifical, and they aren't doing an impression of a banana.

    I was wondering about favourite melons too. As far as I know there's only 'melon', except for the botanists out there.

    You crazy or sumpin'? There's watermelon, and, um, firemelon and earthmelon and airmelon. So that's at least four.

    So the fifth melonment is Melon Jovovich, right?

    Um, no. It's melonin, of course.

  • Jeff T (unregistered)

    For reference, here is the full listing of the various question and answer choices. Yes, the dropdowns are NOT sorted alphabetically or even logically... at least as far as I can tell.

    How old was your first car? 1980-1989 1940-1949 1950-1959 1970-1979 1930-1939 1960-1969 1929 or prior 2000-2009 1990-1999 2010 or newer

    What is your favorite national monument? Mount Rushmore Jefferson Memorial FDR Memorial Statue of Liberty Crazy Horse Vietnam Veterans Memorial Martin Luther King Jr. Memorial Lincoln Memorial Washington Monument

    Where was your father born? Central America South America Pacific Island Europe Africa Asia Australia Caribbean North America Middle East

    What was your mother’s sign of the zodiac? Aries (March 21 – April 20) Cancer (June 21 – July 21) Capricorn (December 22 – January 20) Pisces (February 20 – March 20) Scorpio (October 23 – November 21) Leo (July 22 – August 22) Gemini (May 21 – June 20) Sagittarius (November 22 – December 21) Aquarius (January 20 – February 19) Taurus (April 21 – May 20) Libra (September 23 – October 22) Virgo (August 23 – September 22)

    How old were you when you got your first job? 21-25 older than 32 10-15 26-28 29-32 16-20

    How old were you when you were first married? 41 or older 31-35 Younger than 21 26-30 36-40 21-25 Never

    How many older siblings do you have? 5 6 2 8 0 9 or more 3 7 1 4

    How many times have you gotten a speeding ticket? 0 3 4 5 or more 2 1

    What was your father’s sign of the zodiac? Capricorn (December 22 – January 20) Scorpio (October 23 – November 21) Leo (July 22 – August 22) Aquarius (January 20 – February 19) Virgo (August 23 – September 22) Cancer (June 21 – July 21) Gemini (May 21 – June 20) Aries (March 21 – April 20) Taurus (April 21 – May 20) Sagittarius (November 22 – December 21) Libra (September 23 – October 22) Pisces (February 20 – March 20)

    What is the highest level of education you completed? College Elementary High School Middle School Junior College Trade School Junior High

    What is the first letter of your father’s middle name? E P D K A S R U V G N T L B F W Q H O M C Y I X Z J

    Where was your mother born? Caribbean South America Asia Central America North America Africa Australia Middle East Europe Pacific Island

    What was your oldest sibling’s sign of the zodiac? Taurus (April 21 – May 20) Scorpio (October 23 – November 21) Gemini (May 21 – June 20) Libra (September 23 – October 22) Aquarius (January 20 – February 19) Sagittarius (November 22 – December 21) Pisces (February 20 – March 20) Virgo (August 23 – September 22) Leo (July 22 – August 22) Capricorn (December 22 – January 20) Aries (March 21 – April 20) Cancer (June 21 – July 21)

    What is your favorite soft drink? Mountain Dew Diet Dr. Pepper Diet Pepsi Orange Crush Root Beer Pepsi Diet Coke Dr. Pepper Seven Up Lemonade Coca Cola Ginger Ale Iced tea

    What’s the color of your mother’s eyes? Gray Blue Violet Brown Hazel Amber Green Black

    How old were you when your first child was born? 31-35 Younger than 21 21-25 41 or older 36-40 26-30 No Children

    What is your favorite movie genre? Musical Mystery Documentary Animated Romance Action Comedy Sci-Fi Horror/Thriller Fantasy Epic/Myth

    Where is your favorite vacation spot? Venice Greece Florida Mexico Scandinavia London New York City Disney World Kenya Paris India Canadian Rockies Costa Rica Argentina Tuscany San Francisco Seattle Hawaii Western U.S. South Africa Rio de Janeiro Palestine Egypt The Alps Far East New England Jamaica

    What’s the color of your father’s eyes? Violet Blue Brown Green Gray Black Amber Hazel

    What is your favorite subject in high school? Gym History Math Social Studies Reading Art Civics Music Science English Langauage

    What is your favorite type of music? Folk Country Alternative Bluegrass Pop Hip hop Rock and Roll Disco Mariachi Jazz Soul Classical Reggae Blues

    What is your favorite color? Yellow Chartreuse Pink Gold Orange Green Red Amber White Gray Silver Lavender Black Blue Purple

    What is your least favorite vegetable? Corn Green Beans Brussels sprouts Cauliflower Peas Turnips Beets Asparagus Broccoli

    What was your oldest niece or nephew’s sign of the zodiac? Taurus (April 21 – May 20) Pisces (February 20 – March 20) Cancer (June 21 – July 21) Sagittarius (November 22 – December 21) Leo (July 22 – August 22) Scorpio (October 23 – November 21) Libra (September 23 – October 22) Virgo (August 23 – September 22) Aries (March 21 – April 20) Capricorn (December 22 – January 20) Gemini (May 21 – June 20) Aquarius (January 20 – February 19)

    What year did you graduate from High School? 1990-1999 1930 – 1939 1910 - 1919 1960 – 1969 1950 – 1959 2000-2009 2010-2019 1970-1979 1980-1989 1940 – 1949 1920 – 1929

    What is your favorite melon? Honeydew Don’t like melon Papaya Cantaloupe Watermelon Crenshaw Musk Melon

    What musical instrument would you like to know how to play? Trumpet Piano Oboe Cello String Bass Guitar Tuba Banjo Saxophone Flute Drums Trombone French Horn Violin Viola Clarinet Bass Guitar Organ

    What color was your first car? Pink Brown Silver Green Other Red Yellow Tan Beige Black White Gold Blue Orange Purple

    Where was your maternal grandmother born? Central America North America Middle East Europe Pacific Island Australia South America Asia Caribbean Africa

  • Anonymous Cow-Herd (unregistered) in reply to QJo
    QJo:
    "What's your favourite TV program?" Answers: "Teletubbies" "Play Away" "Play School" "Watch With Mother"
    I think you're owed an internet for that one.

Leave a comment on “WTF Factor Authentication”

Log In or post as a guest

Replying to comment #:

« Return to Article