I've got a secret

Shhhh!

15-May-2008. The online world has gone security crazy! Suddenly every site wants you to answer "secret questions" that can be used to challenge your logon. It's not good enough that you have a password that conforms to whatever standards the site has established (at least x characters long, letters/numbers, upper/lower case, etc.) and not including your name, address, birthdate, etc. Nope. Secret questions that only you supposedly know the answer to are all the rage.

The credit union jumped on the bandwagon quite a while ago. After I logged in they displayed a warning message with a "risk-level" score — my risk was evaluated as "severe." The newly redesigned site has made the warning even more prominent.

Eventually I capitulated. Eventually I changed the password I had used for 15 years to something more robust — 8 characters: 6 randomly chosen letters in random upper/lower case and 2 randomly chosen numbers stuck in the middle of the string. I answered the silly secret questions. My risk-level improved from 33 to 38 — still "severe." When I checked their "personal security recommendations" for me, they wanted me to change my userID to a random string like my password, using both letters and numbers and upper and lower case; they wanted me to add passwords to various types of transactions (Oh, you want to transfer money from one account to another? Password please!); and use something called "enhanced authentication Phone & SMS options."

Sorry, I'll just stay at risk-level severe. After all, my account has been perfectly safe for 20 years, including all of those when my password was four digits long!

My online broker, TD Ameritrade, got into the act next, nagging every time I logged on that I had not yet answered my security questions. Again I capitulated.

Good golly, Miss Molly! There were four sets of questions from which to pick one each (see left).

Who makes up these questions, twits just out of junior high? I mean, really! Some of those questions might be meaningful if you're a pre-adolescent into making lists of your favs, but "favorite sports team mascot" and "first name of your first roommate"?

My "favorite holiday side dish" might be gingered brussel sprouts one year and creamed pearl onions the next. And which holiday are we talking about, anyway?

Let's say you set up all those questions and answers. What are you going to do? That's right, write them down on a sticky and paste it on your computer monitor! That's really secure. Or, you'll try to commit them to memory and forget, thereby locking yourself out of your own account as I did with my CapitalOne credit card. This is insane!

Today I upgraded my cell phone, and sure enough, the new AT&T decided I had to have secret questions for my cell phone account. What about those of us who don't have hard-and-fast favorite everythings? "What country would you like to visit?" I can think of about 20 that would be high on my list.

I can't remember the names of all my elementary school teachers, and none of them was a particular favorite. Who was my fourth-grade teacher, anyway? I do remember our fourth-grade geography book: the cover was gray with a drawing of a globe on it, and that was the year we learned about "our brown brothers south of the border" and about the yellow people who live in China and eat nothing but rice. Learning the different color races was a big deal in fourth grade. It's a wonder anyone emerges from childhood sane and with an open mind.

---

If you have trouble remembering all your passwords (I just counted, I have 182 of them) — and who doesn't — I highly recommend a little program called RoboForm. It quietly keeps track of all the passwords and forms you fill in and remembers it all, and when you come back to the same site it fills them in for you. How else could I survive with 182 passwords?