Online Security Questions Are Not Very Effective. I Still Love Them.


An airline website wanted to know what instrument I played: no, though I once played the piano very badly. She also wanted to know about my favorite ice cream flavor: cookie dough, though probably a tie with the peanut butter cup. Finally, the website asks, “Who is your favorite artist?” He asked. He presented me with a drop-down menu of hilariously diverse options, including Banksy, Norman Rockwell, Gustav Klimt, Richard Serra, and Shepard Fairey.

I was asked all kinds of questions for “security” purposes by the interfaces of big companies. Some security questions seem simple, almost cliché: “What is your mother’s maiden name?” (My mom got hers and later divorced.) “What color was the house when you were a kid?” (Yellow, but first blue, then dyed and sold.) “Who was your childhood best friend?” (Annika—it’s easy.) Others are more difficult because they stick to preferences and those preferences are fixed: favorite movie, favorite song, favorite color, even favorite activity. Sometimes, “What is the love of your life?” they cut straight to the heart, as when given the option to select the security question. (There was a strange poem here—not “who,” but “what.”) As I tried to open a bank account, I found myself inconsistently wondering: What do I really love in the first place?

Online safety questions are like icebreakers we might have played in middle school, or maybe second date questions; they want us to describe ourselves using arbitrary markers. They are like the secret codes of the tree house in a game you play with yourself. Over the years I’ve come to love these sudden, awkward, personal inquiries that guard our entry into the most impersonal parts of the internet.

The assumption was that your mother’s maiden name had faded so much in the past that almost no one would ever know.

Security questions were invented to solve a problem that is both existential and practical: How can you prove you are yourself? Security questions arose around 1850, according to research by Bonnie Ruberg, a professor at the University of California, Irvine. The Immigrant Industrial Savings Bank was established in New York for Irish immigrants, many of whom faced discrimination at other banks. In the mid-19th century, banks often used signatures to verify people’s identities, but most of the clients of the Immigrant Industry Savings Bank were illiterate. So he created a “test book” with lots of personal information. When customers arrived, the officers asked them about their personal history and relationships to confirm their identity. Sometimes they even asked the most important question, “What is your mother’s maiden name?” (The assumption was that your mother’s maiden name had faded so much in the past that almost no one knew about it.) This practice caught on and spread to other banks over the next 50 years – they came. it could be called “challenge questions” or “question-answer passwords” or my favorite “shared secrets”.

Unfortunately, security questions Not very effective in terms of security in the internet age. These are usually easy to guess (your maiden name, which may still be your mother’s last name, is widely available information). A 2009 study found that users can predict security responses from people they know 17 percent of the time. Digital security experts recommend eliminating them in favor of two-factor identification and better protection methods. Yet security questions linger, surprisingly hard to remove from internet architecture, apart from a combination of cost reduction, technical difficulties, and inertia. We are in that awkward technological moment in between, in the impending and imperative twilight of the security challenge.

I love a shared secret – even between myself and my online banking system – and I’m already mourning the loss of security questions. They feel like an antidote to the sameness of the contemporary internet. Unlike the homogenized corporate sites where they give you access, the basic randomness of security questions feels like a relic of a bygone internet. They appeal to me personally and encourage me to think about what makes me unique. They are artifacts of an age when society thought differently about what constitutes identity and how to prove it, where who we are is based on personal, often hereditary information, not the idea of ​​objective documents like passports and driver’s licenses. shared.

There is something beautiful about this alternative articulation of the self. Instead of presenting yourself as the sum of objective facts (eye color, height, place of birth), you are asked to choose a favorite song. There is something essentially childish about it; When I was younger, I kept my choices like a talisman as I tried to both position myself in the world and tell others who I was. I chose a favorite baseball player and repeated it over and over: Derek Jeter, Derek Jeter, Derek Jeter. (In a diary I kept when I was 9, I compared two of my friends and wrote that one of them was better for me because we were both “big Yankees fans.”) These things fluctuate; they are not certain. But the changing landscape of my tastes, interests, and random personal trivia is more important to who I am than my date of birth. I am still surprised and happy to meet another person, a kindred spirit, who shares my favorite song.

Sophie Haigney is a critic and journalist who writes about the visual arts, books and technology.


Source link

Leave a Reply

Your email address will not be published. Required fields are marked *