Folks need to start choosing better security questions for web accounts. I keep running into situations where I do not want to share the information the site is asking for. Or, I am creating a web account that is likely to be used by multiple people (at work, etc.) , but I am prompted to choose a series of very personalized security questions to go along with the login ID that I am creating.
Today's example of this is PayPal. I have to choose two security questions from this list:
- Mother's Maiden Name
- Last 4 characters of drivers license number
- Last 4 digits of social security number (I truly despise this choice)
- City of Birth
Now as I said, I am not really sure that I want to share this information with PayPal. The next issue is that if I answer these questions truthfully I will need to write the info down and tell my co-workers where they can find it so that they can use the account. And, if I make the information up, I will need to both write it down for my co-workers and also remember that I used made up information.
I am starting to think I might just need to create a fictitious person for this type of situation. This person could have a mother with a maiden name, a favorite sports team, a first childhood pet, a childhood nickname, and all sorts of background information. In fact, if I just put together a list of answers for all of these questions and used them as default answers going forward, I could likely solve my problem.
In doing so I would be creating a whole new problem for myself in that I would need to write all of this info down and carry it around with me. And that just might defeat the intended purpose of having security questions.