>Why do sites keep adding those stupid security questions? They don’t add security. In fact, I believe security questions reduce the security of a site. And I’m not the only one who thinks that.
Yesterday, when I logged onto my ShareBuilder account, I was forced to pick 5 security questions and answers. It was a struggle. First, I had to work to figure out which five of the questions I could answer (sorry, but my father didn’t have a middle name). The second struggle was figuring out, of the questions I could answer, which questions could I remember the answers to?
So, for Sharebuilder now, if I forget my password, it forces me to remember five answers to five questions that I picked for a list they provided. I believe this will make it easier to hack my account. And since this account manges some of MY money, I’m not happy about that. I want to have to call them up and prove to them that I am me to get my password reset. Again, this is happening because I forgot my password. The hassle of making that call is my “punishment” for forgetting my password. On the other hand, if I am calling because somebody trying to hack my account suspended it, I’d be very happy I had to call since that might be the only way the hacking can be stopped.
ShareBuilder did add some other login security measures too. Now, they ask for your user id and then display a picture and a phrase to me when they request my password. That also means I enter my id and they validate it before I’m asked for my password. So, if I’m trying to hack accounts, I get immediate feedback on whether or not a user name I entered is valid. Is that really more secure? Or does it just feel more secure?
I really do believe these five questions make my ShareBuilder account less secure. Maybe it is time to move my money.