In the United States, the Social Security Administration has rolled out an online service to replace the paper statements they sent out to tell us the status of our account (earnings, etc.) so we don’t get surprised by an error at retirement time. While setting up an account, you need to create a username and password, and then you’re required to select and answer three “Password Reset Questions” (at least they’re honest about what they’re used for). The choices are different for each question.
Here are the choices:
“Name of your favorite childhood friend” doesn’t specify whether it’s first name or the phone name. And that’s one of the other problems with these questions: there are often different typographical answers to the questions, and hopefully the answers are hashed so they’re less subject to disclosure. But, in third grade, did I live on Maple, Maple Street, or Maple St.? Could be hard to get it right when it’s needed.
Social Security also provides password creation rules:
Submitted by myself (Jim Fenton)