An airline website wanted to know what instrument I played: none, although there was a time when I was terrible at the piano. It also wants to know my favorite flavor of ice cream: cookie dough, perhaps, even though it’s something bound to the peanut butter cup. Finally, the site asks, “Who is your favorite artist?” It offered me a drop-down menu that had humorously different options – among them were Banksy, Norman Rockwell, Gustav Klimt, Richard Serra, and Shepard Fairey.
I have been asked all kinds of questions by the interface of large corporations for the sake of “security”. Some security questions seem simple, almost cliché: “What’s your mother’s maiden name?” (My mother kept hers, and later divorced.) “What color was your childhood home?” (Yellow, even though it was blue at first, then it was painted and then it was sold.) “Who was your childhood best friend?” (Annika – easy.) Others are more difficult, because depending on their preferences they have to fix: favorite movie, favorite song, favorite color, even favorite activity. Sometimes they cut straight to the heart, like when I was given the choice of the security question “What is the love of your life?” (There are a few odd verse here—not “who” but “what.”) I was trying to open a bank account when I found myself wondering: Above all, I really am. love what?
Online security questions have the feel of icebreakers we might have played in middle school, or maybe second-day questions; they require us to define ourselves using arbitrary markers. They are like the secret password in the tree house, in a game you play by yourself. I’ve fallen in love with them over the years, these strange, abrupt, personal inquiries that have secured our entrance into some of the internet’s most personal areas.
Assume that your mother’s maiden name has faded into the past where almost no one else is likely to know.
Security questions were invented to solve a problem that is both real and real: How can you prove that you are you? According to research done by Bonnie Ruberg, a professor at the University of California, Irvine, security questions were born around 1850. The Emigrant Industrial Savings Bank was established for Irish immigrants in New York, many of whom experience discrimination at other banks. In the mid-19th century, banks commonly used signatures to authenticate people’s identities, but many Migrant Industrial Savings Bank customers could not read or write. So it created a “test book” filled with personal information. When customers arrive, staff members ask them about their personal history and relationships to verify their identity. Sometimes they even ask the quintessential question, “What was your mother’s maiden name?” (Assuming that your mother’s maiden name has faded into the past that almost no one else can know.) This practice began and expanded to other banks over the course of the next 50 years – surnames. came to be called my favorite “challenge question” or “question and answer password” or “shared secret”.
Unfortunately, security questions are not very effective for security in the internet age. They are usually easy to guess (your mother’s maiden name, which can still be her last name, is widely accessible information). A 2009 study found that users’ acquaintances were able to predict their security answers 17% of the time. Digital security experts recommend that we get rid of them in favor of two-factor identification and better protection methods. Still, security questions persist, surprisingly difficult to remove from the architecture of the internet, due to some combination of cost-cutting, technical challenges, and inertia. We are in a strange time of intermingling between technology, the moment of impending sunset, and the necessity of the security question.
I love a shared secret – even one between myself and my online banking system – and I’m already starting to regret the loss of security questions. They feel like antidotes to contemporary Internet likeness. Unlike the uniform corporate websites they give you access to, the necessary randomness of the security questions is like a vestige of a past internet. They were addressed to me, personally, unsurprisingly, and they prompted me to consider what makes me unique. They are artifacts of an era when society thought differently about what constitutes identity and how to prove it, when who we are was not rooted in the idea of objective documents like passports and driver’s licenses. vehicle, but rather personal knowledge, often shared genetics.
There is something beautiful about this alternative articulation of self. Instead of presenting yourself as a sum of objective facts – eye color, height, birthplace – you are instead asked to choose a favorite song. There is something essentially childish about this; When I was younger, I considered my hobbies like talismans, because I tried to position myself in the world and tell others who I was. I picked a favorite baseball player and did it over and over: Derek Jeter, Derek Jeter, Derek Jeter. (In a diary I kept when I was 9, I compared two friends and wrote that one of them was a better fit for me because we were both “big Yankees fans.”) These things fluctuate; they are not correct. But my variation of interests, relationships, and random personal trivia is, I think, more important to who I am than my birthday. I am still surprised and delighted to meet another person, a kindred spirit, who shares my favorite song.
Sophie Haigney is a critic and journalist who writes about the visual arts, books, and technology.