On-line Safety Questions Are Not Very Efficient. I Nonetheless Love Them.
An airline website wanted to know which musical instrument I played: none, although I used to play the piano poorly. They also wanted to know my favorite ice cream: cookie dough, probably, even though it’s something like a tie with a peanut butter cup. Finally, the website asked, “Who’s your favorite artist?” It offered me a drop-down menu of weirdly different options – including Banksy, Norman Rockwell, Gustav Klimt, Richard Serra, and Shepard Fairey.
The interfaces of large corporations asked me all kinds of questions on the subject of “security”. Some security questions seem simple, almost clichéd: “What is your mother’s maiden name?” (My mother kept hers and then divorced.) “What color was your childhood house?” (Yellow, although it was first blue and then painted.) and then was sold.) “Who was your best childhood friend?” (Annika – easily.) Others are more difficult because they rely on preferences that they hold to be: favorite movie, favorite song, favorite color, even favorite activity. Sometimes they hit right in the heart when I was allowed to choose the security question “What is the love of your life?” (There were some strange poems here – not “who” but “what”.) I was trying to open a bank account when inappropriately asked myself: What do I really love above all else?
Online security questions feel like the icebreakers we might have played in middle school, or maybe second date questions; they ask us to define ourselves with arbitrary markers. They’re like tree house secret passwords, in a game with yourself. I’ve come to love them over the years, those sudden, strange, personal requests guarding our access to some of the most impersonal areas on the internet.
The assumption was that your mother’s maiden name was so lost in the past that hardly anyone else could have known it.
Security questions were invented to solve an existential and at the same time practical problem: How can you prove that you are yourself? Research by Bonnie Ruberg, professor at the University of California, Irvine, revealed security questions around 1850. The Emigrant Industrial Savings Bank was set up in New York for Irish immigrants, many of whom were discriminated against at other banks. In the mid-19th century, banks often used signatures to authenticate people’s identity, but many of the Emigranten-Industrieparkasse’s customers could neither read nor write. The result was a “test book” that contained a wealth of personal information. When customers walked in, employees would ask about their personal history and relationships to verify their identity. Sometimes they even asked the basic question, “What is your mother’s maiden name?” (The assumption was that your mother’s maiden name was so faded in the past that almost no one else could have known it.) Expanded to other banks over the next 50 years – they came up with “challenge questions” or “question-and-answer passwords” or, my favorite, “shared secrets”.
Let us help you protect your digital life
Unfortunately, in the age of the Internet, security issues are not very effective for security. They are often easy to guess (your mother’s maiden name, which may still be her last name, is public information). A 2009 study found that users’ acquaintances were able to predict their security responses 17 percent of the time. Digital security experts advise abolishing it in favor of two-factor identification and better protection methods. Yet security issues remain that are surprisingly difficult to resolve from the architecture of the Internet due to a combination of cost savings, technical challenges, and inertia. We find ourselves in this strange moment of technological in-between, the looming and necessary twilight of the security question.
I love a shared secret – even one between me and my online banking system – and am already starting to mourn the loss of security issues. They feel like an antidote to the homogeneity of the contemporary internet. Unlike the homogenized corporate sites they give you access to, the basic randomness of security issues feels like a holdover from a bygone internet. They are addressed to me personally out of the blue and encourage me to think about what makes me unique. They are artifacts from a time when society thought differently about what constitutes identity and how it can be proven than what we are, not rooted in the idea of objective documents like passports and driver’s licenses, but in personal, often hereditary knowledge that could be shared.
There is something beautiful about this alternative articulation of the self. Instead of presenting yourself as the sum of objective facts – eye color, height, place of birth – you will instead be asked to choose a favorite song. There is something essentially childlike about it; When I was young, I held my preferences like talismans as I tried to locate myself in the world and tell others who I was. I picked a favorite baseball player and kept repeating him: Derek Jeter, Derek Jeter, Derek Jeter. (In a diary I kept when I was 9 years old, I compared two friends and wrote that one of them was a better fit because we were both “huge Yankees fans.”) These things fluctuate; they are imprecise. But the changing landscape of my preferences, affinities, and random personal trifles are more important than my date of birth in my opinion. I am still surprised and delighted to meet another human, a soul mate, who shares my favorite song.
Sophie Haigney is a critic and journalist who writes on the visual arts, books, and technology.