Security question

Financial institutions have used questions to authenticate customers since at least the early 20th century. In a 1906 speech at a meeting of a section of the American Bankers Association, Baltimore banker William M. Hayden described his institution's use of security questions as a supplement to customer signature records. He described the signature cards used in opening new accounts, which had spaces for the customer's birthplace, "residence," mother's maiden name, occupation and age. Similarly, under modern practice, a credit card provider could request a customer's mother's maiden name before issuing a replacement for a lost card. as well as phishing. In addition, whereas a human customer service representative may be able to cope with inexact security answers appropriately, computers are less adept. As such, users must remember the exact spelling and sometimes even case of the answers they provide, which poses the threat that more answers will be written down, exposing them to physical theft. == Application ==

Due to the commonplace nature of social-media, many of the older traditional security questions are no longer useful or secure. A security question is just another form of a password mechanism. Therefore, a security question should not be shared with anyone else, or include any information readily available on social media websites, while remaining simple, memorable, difficult to guess, and constant over time. Understanding that not every question will work for everyone, RSA (a U.S. network security provider, a division of EMC Corporation) gives banks 150 questions to choose from. Security specialist Bruce Schneier points out that since they are public facts about a person, they are easier to guess for hackers than passwords. Users that know this create fake answers to the questions, then forget the answers, thus defeating the purpose and creating an inconvenience not worth the investment. ==See also==