100 More Things #190: OLDER PEOPLE MAY NOT HAVE ANSWERS TO THOSE SECURITY QUESTIONS
Jim is 70 years old. He’s setting up an account to listen to music with an online music app. He’s on the security screen and the form asks him to pick security questions to set up an account and type in the answers. He has to pick two questions from the following choices:
Who was your third-grade teacher?What was the name of the first school you attended?What was the name of your first pet?What is your father’s birthdate?What street did you live on when you were born?Who was your best friend in high school?What was your nickname as a child?What was your first car?To the 27-year-old who created this set of security questions, these sound like reasonable questions. After all, the user only has to pick two of them. Certainly two of them have to work for everyone, right?
For Jim, who is 70, it’s been over 50 years since he had his first car, and he’s had dozens since then. It’s been 62 years since he was in third grade. It’s been 70 years since he was born. It’s unlikely that someone who is 70 would know the answers to two of these questions.
It’s Not Just Age
It’s not just age that can make these types of questions hard to answer. For example, I moved a lot when I was young. I lived in the apartment where I was born for three months. I attended 12 schools before I graduated from high school. My parents died when I was young, so I don’t remember their birthdates. I would have a hard time coming up with two questions out of the set above that I had actual answers to.
Even if Jim had a great memory he might not have answers to these questions. Maybe he (and I) could just make up some answers. But the problem with making up answers is that we won’t remember them. (I’ve tried doing this.) Just write them down, then, right? But isn’t the idea of security questions that you wouldn’t have them written down somewhere where people can find them?
Takeaways
Don’t ask people to remember information from many years ago.Don’t assume that people’s lives are standard and permanent.Don’t ask security questions that require long-term memory.
