Bruce Schneier this morning posts about custom “secret” questions to be used as part of identity-verification with a bank.
His suggestions are extremely amusing, but they’re also… a little too logical, for my tastes.
I have for a while been advocating to friends and family the use of complete non-sequiturs for these sorts of things, even with the typical unimaginative sorts of questions.
Remember, with this sort of thing it’s the answer that matters, not the question: especially with online banking, the question is something a potential identity thief can probably see easily, and then go hunting for the answer to, or just guess. “Where did you grow up?”, “What’s your favorite food?”, “What’s your mother’s maiden name?” and “What’s your favorite color?” are the kinds of things you can often figure out from someone’s MySpace or Facebook page…
…if they’ve answered honestly.