December 19th, 2008
The security challenge question on Bank of America’s site seems innocuous:
In what year (YYYY) did you graduate from high school?
But, what if the user didn’t graduate high school? (Little known fact: I didn’t graduate high school, so I’m a little sensitive to this question.)
Should the user enter the date they would’ve graduated high school? Should they make up a date? How will they remember something that didn’t actually happen?
It’s surprising how many security challenge questions are unanswerable like this. I doubt it leaves the user with a positive feeling about the experience.
Update: This is from the Vanguard web site:
Where did you and your spouse meet for the first time? (Enter the full name of CITY only)
What about multiple marriages? Widows?
To add insult to injury, the design replaces every letter the user types with a dot, so they can’t see if they’re typing the city correctly. (Again, I grew up in a city named Schenectady. Not something I’d want to type in the dark.)