A lot of websites want you to answer security questions before you can login to their site from a new location. New location means same old computer on a different browser too, which is a pain. But the security questions are even a bigger pain.
I had one recently where before it would accept my login, I had to answer this question: Who is your favorite actress?
Hmm. I don't have a favorite actress and I certainly don't remember choosing one as an answer to a security question. I thought long and hard. It must be Jennifer Lawrence. I typed in her name. Incorrect answer. I tried just her last name. Incorrect answer. I thought about some more actresses, but I'm really not into this fame thing at all and couldn't come up with another answer. I refreshed the page. Who is your favorite actress? Gah!
I did eventually gain access to this site because after I refreshed the screen again, I received a security question that I could answer, but really? Why was this question considered a good one? Don't people change their minds all the time about who their favorite actors or actresses are?
Most security questions are just plain problematic. What's your favorite pet's name? That means I can't ever blog about or talk about any of my pets. Same thing for What was the make and model of your first car? What was the first concert you saw? Where did you attend grade school? Where were you born?
I've yet to see something as a security question that isn't either impossible to remember (i.e. who's your favorite actress) or difficult to remember to never talk about online (i.e. the list in the paragraph above.)
It seems to me that a much smarter way to handle this would be two factor authentication rather than stupid security questions. Even if I'm wrong about two-factor, there just plain has to be a better way than these questions.
