Nay, answer me. Stand and unfold yourself.
Long live the King.
The business of challenge-response authentication used to be easier. They had swords; we have cryptography. Who’s better off?
We have passwords, which must never be simple enough to remember and must not be written down on a slip of paper in our desk drawer. So we forget them and call tech support.
But they don’t want us to call tech support (expensive) so they give us a back door: a “security question.” If we can just tell them our mother’s maiden name …
But anyone can find out our mother’s maiden name, so the security questions are getting tougher. And now we arrive at the problem. They are too tough for me.
What was the name of your first pet?
Do you mean my first serious pet, a beagle called Gibbs? Or the lizard I sometimes called Chameley (spelling unknown)?
According to official government guidelines for authentication by federal financial institutions, this is an example of “shared secret” authentication. “Shared secrets (something a person knows) are information elements that are known or shared by both the customer and the authenticating entity.” Here are a few more from the current list used by the Department of the Treasury:
You were born in what city?