Security questions and adult ADD

December 23rd, 2008

As defined by Wikipedia, Attention Deficit Disorder or ADD/ADHD is “characterized by a persistent pattern of impulsiveness and inattention, with or without a component of hyperactivity.”

Most system administrators are worried about the security of our personal information stored in their systems (yes, I wrote “most”) and spend time protecting it, even from ourselves. To protect this information, some system administrators, IT gurus and empirical programmers came up with several (complicated) ways to do it. One of them is security questions.

Why are security questions there? Well, let’s say someone breaks into your computer and steals your passwords for a certain page. If he enters the information, he will have access to whatever you have protected there. So the smart IT guys (yes, that is sarcasm) opted to ask a “security question”, which is a random piece of personal information. It doesn’t sound like a bad idea; however, as I have explained here several times, the problem is not the idea, it is the implementation.

Have you seen a movie where one of the characters is absent for a long period of time and then comes back and, to prove he or she is not someone else, has to reveal a small piece of information from the past that no one else would know? Well, that is the basic principle… and real life doesn’t work like the movies.

In the real world, people forget things, omit details and give imprecise answers all the time. Now if you add other problems like excess of information, lack of time, ADHD and other common circumstances in our daily lives, then it gets messy… here are some real examples:

  • If you ask someone who has ADHD and reads a lot which author is his favorite (question on Sallie Mae), and ask again two months later, you are very likely to get a different answer.
  • Could you imagine, for a very sensitive person for example, what would happen if you asked him or her who his/her favorite relative is (question on Capital One)? It may change after a family discussion or even depend on the way that person feels on a particular day.
  • A matter of definition: does “school” start at elementary or at kindergarten? It is arguable, right? Then which answer is correct if someone asks the name of the first school I attended (just like Verizon Wireless asked me)? Should I have the internal discussion of whether kindergarten is or is not a school… Besides, 60 other kids probably know that answer. But don’t worry, on Verizon you can choose the last name of your best friend (I have 3 or 4) or your favorite vacation destination… (I know it is the beach, but did I put Cancun or Ibiza?)

If you add to all this that the answer is case sensitive and must be an exact match, then you are in trouble. What if they ask the middle name of my grandmother and she didn’t have one?
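One way a site could avoid the case-sensitive, exact-match failure described above while still not storing the answer in clear text. This is an added example, not code from any of the sites mentioned; the normalization rules, function names and PBKDF2 parameters are assumptions.

```python
import hashlib
import hmac
import os
import re
import unicodedata

# Constructed parameter for this example; tune to your own hardware budget.
PBKDF2_ITERATIONS = 600_000


def normalize_answer(answer: str) -> str:
    """Reduce an answer to a canonical form so that 'Cancún', ' cancun '
    and 'CANCUN!' are all treated as the same answer."""
    text = unicodedata.normalize("NFKD", answer)
    # Drop accents (combining marks left over after decomposition).
    text = "".join(ch for ch in text if not unicodedata.combining(ch))
    text = text.casefold()                 # case-insensitive comparison
    text = re.sub(r"[^\w\s]", "", text)    # drop punctuation
    return " ".join(text.split())          # trim and collapse whitespace


def _derive(canonical: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac(
        "sha256", canonical.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def enroll(answer: str) -> tuple[bytes, bytes]:
    """Return (salt, digest) to store; the answer itself is never stored."""
    canonical = normalize_answer(answer)
    if not canonical:
        raise ValueError("answer is empty after normalization")
    salt = os.urandom(16)
    return salt, _derive(canonical, salt)


def verify(candidate: str, salt: bytes, digest: bytes) -> bool:
    """Compare a later answer against the stored digest in constant time."""
    computed = _derive(normalize_answer(candidate), salt)
    return hmac.compare_digest(computed, digest)
```

Normalizing shrinks the space of possible answers a little, so a check like this belongs behind attempt limiting like any other account-recovery step.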

For banks, OK, I think it is worth the hassle, but for a credit association like Sallie Mae… well, it is not like a digital burglar is going to enter my debt account and pay off my loans! Don’t do things just because someone else is doing so!

This is probably the last post of the year, so I wish you all the best for 2009.