[ryanlol]

That's what you get when the reps can see the answers. The only working solution is to have the reps "log in" to the users account by entering the security question answer.

If the reps can see the answer, it's far too easy for the attacker to turn the verification process into a game of twenty questions.

[GordonS]

I've had this before with my bank, when I've had to authorise a large card payment (for a car). I was asked various security questions about monthly recurring payments from my account (in the UK, so standing orders and direct debits), but I've so many I can't keep up, and I change savings accounts and health, car, home, pet insurer every year to get a good deal.

The rep on the phone kept prompting me when I was unsure. She'd mention an amount, then when I was unsure they'd say something like, "maybe it's for your mortgage...? Maybe the company begins with the letter 'N'?"

It was all a bit silly, security theater at its finest.

[freehunter]

I had the opposite recently. Trying to log into my alma mater's website to get a copy of transcripts, but my account had long ago locked out. They asked me questions over the phone to reset it, but I couldn't answer any of them.

"What is your phone number on file?" Shoot, I don't know, it was an old number that I changed maybe 6 years ago...

"What is your address on file?" I've moved maybe five times since then? I tried "was it in another state?" to narrow it down, but the answer was "I can't say that".

"Okay, we can verify you by classes you took..." Great, now we're getting somewhere! I took Intro to Ethics. "We need to know what term." Okay, this is tricky, it was like 10 years ago... Fall of 2006? "We need to know professor's name." Um. I think I have the book here, I know he wrote it... Professor McLaughlin? "I also need to know the day of the week the class was held and what time the class was."

Are you effing kidding me? I wish I was joking. I ended up just calling my old advisor and he "verified" me with an email to the helpdesk.

[macintux]

I've found that the only known repository of all my previous addresses is Amazon. I really need to capture them to 1Password.

[snowwrestler]

Pull a free credit report--you get one per year by law. It should have all your past addresses on it, or at least within the last X years.

[tracker1]

As bad as it probably is, I've kept it in google sheets going back a few years now...