March 12, 2010

Yahoo adds wish-it-were-two-factor authentication

by fluffy at 5:23 PM
You'd think an Internet company like Yahoo would know better than to do this crap. I tried logging in today and it prompted me to set two password-recovery questions. Its advice on the question and answer is:
Make sure your answer is private, memorable and does not change over time.
And yet, none of the questions allow that!

First group:

  • Where did you meet your spouse?
  • What is your oldest cousin's name?
  • What is your youngest child's nickname?
  • What is your oldest child's nickname?
  • What is the first name of your oldest niece?
  • What is the first name of your oldest nephew?
  • What is the first name of your favorite aunt?
  • What is the first name of your favorite uncle?
  • What town was your father born in?
  • What town was your mother born in?

Second group:

  • Who is your favorite author?
  • What is the last name of your best man at your wedding?
  • What is the last name of your maid of honor at your wedding?
  • What is the name of your favorite book?
  • What is the last name of your favorite musician?
  • Who is your all-time favorite movie character?
  • What was the make of your first car?
  • What was the make of your first motorcycle?
  • What was your first pet's name?
  • What is the name of your favorite sports team?
  • Where did you spend your childhood summers?
  • What was the last name of your favorite teacher?
  • What was the last name of your best childhood friend?
  • What was your favorite food as a child?
  • What was the last name of your first boss?
  • What is the name of the hospital where you were born?
  • What is your main frequent flier number?
  • What is the name of the street on which you grew up?

I mean, as someone who has never been married (and considering that other people often get married multiple times) and has no children, nieces or nephews, that already knocks most of them out of the running. What's left is either stuff I don't know or remember, changes depending on context (first car? the first one I drove regularly, the first one I owned myself, the first one I rode in as a child?), or is really freaking easy to find or at least guess (for example, considering my grandpa lives in Chicago you can probably guess that my dad was born there).

Yahoo, you are full of stupid.

Meanwhile, I was also recently burned by something similar. Many, many years ago when I set up an account with Charles Schwab, they asked me for a secret question and answer to reset my password, should I forget it. I finally changed my password after years of having the same one (tsk on me, I know) and managed to get myself locked out. Of course, the question I set was, "What's a Hemingway?" and I couldn't remember which of the dozens of snarky answers I'd set for it. After my third attempt at remembering whether it was "20 pounds" or "12 pounds" or "$2.50, same as in town" or whatever, it even locked me out of that and I had to call customer service. And customer service did basically nothing to verify my identity anyway (the questions they asked were ones which would be pretty easy to ascertain, like my date of birth and mailing address).

In summary, proper security is hard, and the half-assed bullcrap that everyone does instead only makes it hard on the people who it's trying to protect.

Comments

#12945 03/14/2010 09:46 am
http://www.penny-arcade.com/comic/2006/7/12/
This comic remains as relevant as ever.