Fidelity Investments

When setting up an online account at Fidelity Investments, I was first prompted to set up a single security question, and then to set up three more. Unfortunately I didn’t get an image of the original question and I don’t know what happened to it.

Fidelity is fairly clear about how the questions and answers are used. If you press a “Why do I need this” link, the following pops up:

[Screenshot: “Fidelity: why?”]

However, this explanation seems to refer to the single security question, not the set of three later required.

Here are the questions themselves:

[Three screenshots of the security question sets]

The first two sets of questions are fairly standard: most of the prompts involve information that can be determined with just a little research. I have to say that the “favorite restaurant in college” question is creative, but you can look on LinkedIn to find out where many people went to college, and find popular restaurants nearby (although my favorite closed long ago). But the third question is different and quite unusual: all the answers are 4 or 5 digits, and have very low entropy (around 8 bits for mmdd responses, even less for year of marriage [is this option for people who can’t remember their wedding date?]). Hopefully they need answers to all three.
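To put numbers on the entropy estimate above, here is an added example (not part of the original post) that enumerates the mmdd answer space and compares it with a year answer. The uniform-distribution model, the 60-year window for marriage years, and the five-try guess budget are assumptions made for illustration.

```python
import math
from datetime import date, timedelta

YEAR_WINDOW = 60   # assumption: plausible span of marriage years
GUESS_BUDGET = 5   # assumption: tries allowed before an account locks


def mmdd_answers():
    """Every distinct mmdd string, walked over a leap year so 0229 is included."""
    day, seen = date(2016, 1, 1), set()
    while day.year == 2016:
        seen.add(day.strftime("%m%d"))
        day += timedelta(days=1)
    return seen


def entropy_bits(space_size):
    """Entropy of a uniformly chosen answer. Real answers cluster, so this is an upper bound."""
    return math.log2(space_size)


def online_success(space_size, guesses):
    """Probability that `guesses` distinct tries hit a uniformly chosen answer."""
    return min(1.0, guesses / space_size)


def report():
    """Answer count, entropy and guess-budget hit rate for each answer format."""
    spaces = {"mmdd date": len(mmdd_answers()), "year of marriage": YEAR_WINDOW}
    return {
        name: {
            "answers": n,
            "bits": round(entropy_bits(n), 2),
            "p_guess": round(online_success(n, GUESS_BUDGET), 4),
        }
        for name, n in spaces.items()
    }


if __name__ == "__main__":
    for name, row in report().items():
        print(f"{name:17} {row['answers']:4d} answers  {row['bits']:5.2f} bits  "
              f"P(hit in {GUESS_BUDGET} tries) = {row['p_guess']:.2%}")
```
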

After going through this, the user is congratulated:

[Screenshot: confirmation message]

My online account access is even more secure? No, it’s definitely not more secure if you create an additional way into my account. But it is good to know that I’ll get a confirmation — but why would e-mail take a few days? If a password reset was fraudulent, I would want to know right away.

Contributed by myself (Jim Fenton)
