Why Is Mother's Maiden Name Still Used as a Security Question?

In today’s Internet Archaeology issue we will talk about security questions that everyone has once encountered when trying to log into an old email or social media account, mobile bank application. Why do we still use them? What is the point in asking your mother’s maiden name in the 21st century? Where do they come from and how can hackers easily find the name of your first pet – read on to learn more.

The Internet now is full of headlines about that we have to retire security questions, that all this “personal information” is no longer private in the internet era etc. In this article we decided to dig into the topic: do these security questions still protect us from hackers and intruders or should we leave this vulnerable protection mechanism in the past?

Security Questions: Take or Toss?

There are many mechanisms created to protect our personal information, our private accounts and data, such as various antivirus programs, firewalls, two-step authentication processes, passwords and security questions. However, passwords and security questions are far from a flawless security solution. They can be stolen, picked or spied on quite easily.

Columbia University professor and IT expert Stephen Bellovin found out that the secret question "What is your mother's maiden name?" has been used since 1882: American banker Frank Miller invented this system to encrypt telegrams with personal data of clients. He also created a complex codebook for bank transfers.

«It would probably have been used when wiring money to someone», said Bellovin. «The message would be from one bank to another, saying (via codewords): “Give $XXX to Joe Smith; he will authenticate himself by saying that his mother's maiden name is Jones”».

And if before it was quite hard to find mother’s maiden name: women almost always changed their names when they married, there were fewer divorces, and there were no such handy tools like Facebook or LinkedIn, where you could easily find anyone’s maiden name. The same is the situation with the name of your first pet: someone can just google your childhood photos, make a little research and here you are.

Basically, security questions are rudimentary nowadays and in most cases it’s better to use complicated and strong passwords, two-step authentication, fingerprints, reliable antivirus protection and password managers, such as Dashlane to keep all your passwords in one place.

Read Further

Photo – 123rf.com; Frank Miller: Inventor of the One-Time Pad

Ask a question
CCM is a leading international tech website. Our content is written in collaboration with IT experts, under the direction of Jean-François Pillou, founder of CCM.net. CCM reaches more than 50 million unique visitors per month and is available in 11 languages.
This document, titled « Why Is Mother's Maiden Name Still Used as a Security Question? », is available under the Creative Commons license. Any copy, reuse, or modification of the content should be sufficiently credited to CCM (ccm.net).