Maria Farrell's post on responding to password reset questions that request all sorts of details about your life is delightful:

[3. What is the name of your father's birth town?]

It turns out I have no idea what 'town' my father was born in. (It was Ireland in the 1950s. AFAIK he was born at home or in a nursing home down the road from the farm. He was about the fifth child and the fourth son, so no one was really paying attention.)


[5. What is your favourite film?]

It is a matter of both principle and policy with me that my favourite film is Point Break. But this system disagreed. Maybe my punctuation was out or I wasn't allowed a space? Or perhaps, as Lori Petty so memorably told those beautiful, testosterone-poisoned boys, I just wasn't doing it right.

Me, I'm paranoid that I won't remember precisely how I phrased some of my answers to questions like that,[1] so my practice has always been to carefully capture a screenshot of my answers to my employer's version of this questionnaire at the time I set them, so I could store them in Evernote or 1Password.[2] What could go wrong?

And then the entire effort was wasted because three years on we were using the same system but with different hosting/support arrangements which had initially just carried over our passwords at the time of the transition[3] but didn't carry over the details by which I'd prove I was me when the time came. That cycle has happened twice over the last few years, and all the security/password questions routine did was add extra hassle to the entire process.

As you can tell from the number of footnotes, this whole bit of security theatre really bugs me.

  1. Or that, in the case of the favourite film question, I'll forget that because I'd mentioned what my favourite film was on my weblog on occasion[4] it might be possible for someone who really wanted to target me to find the answer, so I named my second favourite instead.

  2. Those storage spaces aren't on my employer's systems, so I can always access them on my iOS or macOS devices quite independently of our work systems and my ability to remember that set of work-related passwords.

  3. Presumably because nobody wanted to bring the entire organisation's work to a standstill on the first day after the transition to insist that everyone reset their various passwords for our different IT systems[5] and answer a whole 'nother round of security questions.

  4. Except that thanks to my former web host Gradwell's utter ineptitude earlier this year all my pre-2016 content is offline until I can be bothered to put some time into converting it from WordPress into Markdown format and re-uploading it at my new host. So at least right now there's no way to search the current incarnation of Sore Eyes to discover that my favourite film is 2001: A Space Odyssey right now.[6]

  5. Single Sign-on. What's that?

  6. Or is it The Right Stuff. Or Close Encounters of the Third Kind. Or The Life and Death of Colonel Blimp. Who could possibly say?