How can culture play a role in this exactly? I was working recently with a client from India on implementing a Password Management system. I watched as he enrolled himself using some of the default questions provided. One default question was “What is your favorite sports team”. Granted this is probably not the best question for many, especially those rabid fans that have their favorite sports team plastered on the walls of their workspace but it was even less appropriate in this particular case. Considering Cricket is an enormous sport in India and the Indian national team had just recently defeated Pakistan, he put down ‘India’ as his favorite sports team. Clearly this question would not be much of a challenge to guess.
On the other side of the spectrum the question can be so complicated, generic or just ‘wacky’ that it can’t be remembered. A friend of mine once used “How much wood, would a woodchuck chuck …” etc for his security question. In this case, 6 months later he was locked out and he couldn’t remember what he used for an answer at the time. It took a call to the company and having a representative on the phone for an extended period of time before he finally remember that the answer he put down was “Who cares” (Well I paraphrased, as the actual answer is not printable, but you get the idea).
Though institutions use your personal information such as your Mother’s Maiden name and your Social Security Number as it is ‘relatively’ secure (and they have it on hand already), try to stay away from information that can be Googled or obtained from a poorly filed check stub that you tossed into your drawer one day. In the end you need to create a question and answer pair that is both memorable and definitive so you are less likely to forget but personal enough that even someone who knows you well can’t easily guess it.
