Mother's maiden name as a security question: why, risks

In today's Internet Archaeology issue, we talk about the security questions everyone has encountered when trying to log into an old email account, social media account, or mobile banking application. Why do we still use them? What is the point of asking for your mother's maiden name in the 21st century? Where do they come from, and how can hackers easily find the name of your first pet? Read on to learn more.

The Internet is full of headlines about how we have to retire security questions and that all this “personal information” is no longer private in the internet era. In this article, we decided to dig into the topic: do these security questions still protect us from hackers and intruders, or should we leave this vulnerable protection mechanism in the past?

Security questions: take or toss?

Many mechanisms have been created to protect our personal information, private accounts, and data, such as antivirus programs, firewalls, two-step authentication, passwords, and security questions. However, passwords and security questions are far from a flawless security solution. They can be stolen, guessed, or spied on quite quickly.

Columbia University professor and IT expert Stephen Bellovin found that the secret question "What is your mother's maiden name?" has been in use since 1882: American banker Frank Miller invented this system to encrypt telegrams containing clients' personal data. He also created a complex codebook for bank transfers.

© Frank Miller: Inventor of the One-Time Pad

“It would probably have been used when wiring money to someone,” said Bellovin. “The message would be from one bank to another, saying (via codewords): ‘Give $XXX to Joe Smith; he will authenticate himself by saying that his mother's maiden name is Jones.’”

In the past, it was pretty hard to find out a mother's maiden name: women almost always changed their names when they married, there were fewer divorces, and there were no handy tools like Facebook or LinkedIn, where you can now easily find anyone's maiden name. The same goes for the name of your first pet: someone can just google your childhood photos, do a little research, and there it is.

Security questions are a rudimentary mechanism nowadays, and in most cases it's better to use long, strong passwords, two-step authentication, fingerprints, reliable antivirus protection, and a password manager, such as Dashlane, to keep all your passwords in one place.

Myths and legends