Here’s an article with some history about “security” questions. But I would say that these companies (and government agencies) are more casual about your security, rather than about your privacy. So many of the answers to these questions are already out there, so the privacy issue is already moot.
It’s well-established that passwords are a flawed security system. Attackers can guess them, steal them from a database, or watch you type them in. But until we can get our smartphones to take our DNA to confirm our identities, we’re stuck with them.
The processes that let you recover your password if you forget it, though, can be much worse than passwords themselves.
Companies that take security seriously will ask you to authenticate your identity with a “second factor,” such as a code they send to a device they know you own. Companies that are more casual about your privacy will ask you to answer “security questions” — which are typically questions that anyone could guess after a thorough stalking of your Facebook account: Oh, there’s a photo of you with your high school best friend. Oh, there’s a status update with your “porn star name,” combining your first pet’s name with the…