[mikestew]

Yeah, I thought I was clever doing that until the day came to reset my login with my bank. They didn't ask a single one of those questions, and instead asked questions that anyone with my credit report could have answered. </facepalm>

[Zancarius]

That reminds me. Someone I know once received a notice from the OPM (Office of Personnel Management, for those outside the US, who deal with government hires and the likes) related to the massive data breach over the last couple years, and they offered ID theft protection through a 3rd party for free (oh boy!). The questions were outright absurd--they asked a variety of minutia (largely credit-related) going back 30+ years that no one would likely be able to remember.

Except that I'd imagine if the thieves in question had access to a person's history and credit report, they would have been able to answer these same questions with greater accuracy than the person whose data was stolen.

For all the effort some companies place on security, it seems wasted when they rely on information that is publicly available--or in this case, part of a corpus of data that may or may not have been stolen.