Sunday, March 18, 2007

Vanguard has the security question sickness - big time

Vanguard has taken the "security question" sickness to a new level of absurdity.

If you log into Vanguard from an "unfamiliar computer" (meaning you clear your cookie cache) you have to answer a security question. This means I really have to enter critical information that "only I know".

Except these security questions are the same everywhere. If any site where I answer them is hacked, the hackers know my security question answers everywhere those answers are used to establish my identity.

Since these questions are treated as though they were "secret", the fact that they cannot be "secret" means that they reduce rather than enhance security.

I'm tempted (only slightly) to post the answers to my "secure questions" on my public web site. I could file it under "identity theft made easy" and include my SSN, my birth date, and my favorite passwords ...

I bet Vanguard paid quite a bit for this "feature", probably to a big-name consulting firm. Only smart people could possibly be so stupid.
