“We’ve had some problems with the system, and we’ve had to reset all the passwords.” said the call-center agent, “Before I can tell you your new password, I need you to garlphrumph kwellaos.”
It was a standard problem: The voice-quality on the long-distance call was poor. Her accent wasn’t helping. On top of that, the ability to distinguish signal from noise when it comes to speech has never been a strong point of mine. I’ve always been crap at making out the lyrics from songs.
I asked her, for the third time in that call, to repeat herself.
“Before I can reset your password, I need you to answer some security questions.”
That wasn’t much better. In my attempt to set security questions that only I would know the answer to, I’ve set myself some doozies in the past.
So what was the secret question I had left myself on the mobile phone web site? “What password is stored for this in your Password Safe database?”
Nice one, Einstein!
“Okay, what are the questions?”
“What was your mother’s maiden name?”
Okay, that was easy. I told her the answer (as could dozens of other people who know me).
“What’s the name of the guy on first?”
What sort of security question is that? Could the answer really be “No! What’s the name of the guy on second! Who’s on first!”? But that’s hardly a secret. Did I really set that? Maybe I meant something else. How else could that be read?
I laughed: “Was that really my security question?”
She patiently repeated the question, a little more clearly this time: “What was your place of birth?”
Oh! I understand now!
Comment by Alastair on September 18, 2006
I like the idea of mondegreens as security questions.
Q: Please complete the line “excuse me while I”
A: “Kiss this guy”
For suitably obscure songs this could be more secure than the mother’s maiden name question!
Comment by Cassie on September 18, 2006
How much do I love having a good memory! (Before I had a mobile phone, I used my memory, rather than an address book, to store all my contact numbers and addresses)
But even with this, there are still too many login names and passwords to remember (or to bother to remember, I think, is more the case). So this is my system:
1. If I need to remember it (i.e. if security is important, or I use it fairly regularly, or remotely) then I remember it.
2. If I don’t need to remember it (i.e. security is not a big issue, or if the password can be derived using other means) then I don’t bother trying.
Simple.