I recently worked through the task of recovering an online user account. As a part of the authentication process, customer support requested that I provide the answer to one of my challenge questions. The question was a variation of; in what city were you born? My answer to the question was purple. After a long pause from the person on the other end of the line, I was told that I should provide a valid answer to the question. I followed this with a long pause of my own and then the response, I don’t know if my answer is valid but in this context it is correct. I eventually recovered the account but I didn’t go into an explanation that even when paired with an account number and something like date of birth, providing the name of someone’s high school is not much of an authentication challenge.

It is things like this that causes me to be a bit more reactive rather than proactive when it comes to my personal security. Sure I change my passwords every month, check banking accounts daily, keep an eye on my credit report, block instant credit, and when traveling give the credit card companies a heads-up. But when all is said and done there are a lot of variables that one simply cannot control.

-rkill