Wednesday, February 8, 2012

I just signed up to pay my gas bill online, and, like many other sites that have monetary transactions going on, they have a security-question-and-answer in case you forget your password. No problem – I usually choose “first pet’s name” because that’s not particularly easy to track down by someone wanting to impersonate me, like “mother’s maiden name” or “hospital where you were born.” I’m not particularly paranoid about using those, though, if they don’t have “first pet’s name.” The ones I never choose? The “what’s your favorite ______” ones. Because, really? Are there people who have favorite movies or books that NEVER CHANGE?

The gas bill site had the following questions available (note: when I went back to look, they gave some different ones, so this is an amalgamation of all the ones I’ve seen – some are better than the original set):

  • What’s your favorite movie?
  • What’s your favorite song? (seriously? that changes EVERY WEEK, if not more often)
  • What’s your best friend’s last name? (I ultimately went with this one, but it was still somewhat arbitrary; might not be for everyone, though)
  • What’s the title of your favorite book?
  • What is the name of your favorite fictional character?
  • What is your favorite teacher’s name? (elementary school? high school? college? grad school? I have five or six teachers I’ve loved…how do I remember which one I felt most enthusiastic about when I chose the question?)
  • What was your favorite vacation place to visit as a child? (sounds promising, but I’d prefer a more objective “where did your family most often vacation when you were a child”)
  • What is your pet’s name? (not an option when I was choosing; but if you have more than one pet? Or if you change pets before you need to reset your password?)
  • Where did you first meet your spouse/partner/etc.? (not an option when I was choosing, but finally an objective one! But, being single, I can’t answer it, so I’m still looking…)
  • And that’s all there are

Folks, DO NOT DO THIS. The point of a security question is so that you can recover your password using a question that you can easily answer, but other people either wouldn’t know, or would have to work really hard to find out. I can see why that makes the “favorite” thing attractive, because it could be very difficult to guess, but it basically becomes a second password to have to remember. I had to write down the answer to the question I chose, because who knows in two years, three, whenever, if I’ll remember my subjective response at this moment? Questions can be objective without being public record.

  • Dad

    Well said! I have often worried about banks using “mother's maiden name” as it seems that it would be easy for somebody to find out if they really wanted to. And they all seem to just love that one. I often use “favorite movie” and just vowed to never change no matter what new movie comes out that I like more…. First pet's name I guess is OK with me. Just can't use “pet's name”

  • http://www.the-frame.com/blog Jandy

    Yeah, “mother's maiden name” is far too easy. I only use it if there's no other option. If I had EVER had a favorite movie that I could definitively point to, I might use it…but I'd have to go as far back as Hans Christian Andersen or Justin Morgan Had a Horse! (i.e., my favorite movies when I was, like, six).

    A comment on my livejournal pointed out that the best was when the site lets you make up your own question and answer. When they do that, I tend to use something like “what's the full name of your horse [or dog]”. Since we never use their full names, it's not likely someone would be able to figure it out (particularly with Cim, since his registered name is different from what I call him – someone could probably dig up Rebel's full registered name if they wanted).

  • web developer

    I can see your point but you haven't actually come up with anything any better. Any suggestions?

  • http://www.the-frame.com/blog Jandy

    Yes, actually, as I said in the post – use questions that have objective answers. Don't ask “what's your favorite teacher's name” – ask “what was your tenth grade social studies teacher's name” (as an example – but make it something that has a specific, definitive, and factual answer). Don't ask “what's your favorite movie” but “what's the first film you saw in a theatre.” Or “what's the first album you bought with your own money.” Anything else is subject to change. The “first pet's name” one is good, too, just not “what's your pet's name” – I grew up with a dog, a horse, and four cats at my house, which one am I supposed to choose, and how do I remember which one I chose later?

Copyright ©2010 Jandy Stone.
