What The Dirty Dozen Teaches Us About Security Questions.

I was reading an article at the New York Times online on passwords (and their “dreaded security questions” such as “In what city were you born?”) and how they are impossible to keep straight.  This being the Fashion & Style section (whodda thunk it?  Data security issues covered in the fashion section of the Gray Lady?), a bunch of celebrities and captains of industry and other people of importance were interviewed.


For a creative bunch, they’re quite literal-minded:



“It’d be fine if [the security question] was my mother’s maiden name,” Mr. Leeds [the president of Leeds Equity and a fixture on the New York social scene] said. “That is different from ‘What is the name of your first girlfriend?’ You think: ‘Well, what do you mean by girlfriend? Is that the first woman I ever slept with, or someone I liked who never particularly liked me back?’ It’s a march through your entire personal history just to get on some damn Web site which will deliver your groceries.”


Ok, so, literal-minded sprinkled with a bit of existentialism.  Also,



[Mr. Paul Rudnick, a writer] also finds the questions misguided. “They should go negative,” he suggested. “What’s your least favorite color, who’s your least favorite relative and who’s the last person on earth you would date? People would remember those questions, and they’d enjoy answering them far more.”


Learning from the Dirty Dozen



More specifically, learning from Joseph Wladislaw.  Who’s Joseph Wladislaw? you may ask.  That’s Charles Bronson’s character in The Dirty Dozen, a story about twelve convicts who are recruited and trained as a saboteur unit against Nazi Germany on the eve of the D-Day landings.


While reading the NYT article, and seeing how interviewees were being so literal-minded about the security questions, I was reminded of the one scene where a doctor tries a word association game with Wladislaw:



Doc: “Weapon.”
Wladislaw: “Baseball.”
D: “Knife.”
W: “Dodgers.”
D: “Officer.”
W: “Pitcher.”
D: “Food.”
W: “Cincinnati.”
D: “Comfort.”
W: “Chicago.”


Yes, the answers make no sense in light of the “questions.”  Now, from a psychological perspective, this might mean… I don’t know, that there is something wrong with the person being assessed.  However, in this day and age of the social web, it might help a bit to be a little crazy.  Or at least, not to take things so literally.


For example, where were you born?  Why does it have to be NYC, or London, or Burkina Faso?  Why not Andromeda or the Crab Nebula?  Or fish?  The last one, of course, is approaching surrealism, but there’s absolutely no reason why you shouldn’t use “Wladislawian” answers when it comes to answers that no mortal will ever be looking at (as far as I know, these “answers” are stored in a server somewhere and hashed, like passwords).


So, don’t be literal-minded when choosing answers to security questions.  Just make sure you’re consistent in how you apply it.
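Why consistency matters, as an added sketch that is not part of the original post: it assumes the service keeps only a salted hash of a normalized answer, so any string verifies as long as you give the same one every time. The function names, iteration count and sample answers are constructed for illustration.

```python
import hashlib
import hmac
import secrets
import unicodedata

ITERATIONS = 200_000  # constructed value for this sketch


def normalize(answer: str) -> bytes:
    """Fold case, Unicode form and spacing so typing quirks do not matter."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def enroll(answer: str) -> tuple[bytes, bytes]:
    """Return (salt, digest); the plaintext answer is never stored."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, ITERATIONS)
    return salt, digest


def verify(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison of the candidate against the stored record."""
    attempt = hashlib.pbkdf2_hmac("sha256", normalize(candidate), salt, ITERATIONS)
    return hmac.compare_digest(attempt, digest)


def demo() -> dict[str, bool]:
    # Question: "In what city were you born?" The enrolled answer is a
    # constructed non-literal one; the server has no notion of "true".
    salt, digest = enroll("Crab Nebula")
    return {
        "same answer, sloppy typing": verify("  crab   NEBULA ", salt, digest),
        "the literal answer": verify("New York", salt, digest),
        "a different odd answer": verify("Andromeda", salt, digest),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'rejected'}")
```

A service that skips the normalization step would reject the sloppily typed variant too, which is one more reason to record the exact answer you enrolled.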


Will it work in making you safer?  Let me put it this way: Wladislaw is the only one of the Dozen that made it out alive in the end.



Related Articles and Sites:
http://www.nytimes.com/2012/06/24/fashion/computer-passwords-grow-ever-more-complicated.html?pagewanted=all


