Tuesday, May 19, 2009

Betting on my memory!

Yesterday my bank again asked me to identify myself with the security questions. On answering the three of them correctly (not easy at all, which I will tell you about in a minute), I was asked to choose a different set of 3 questions from 5. It makes you laugh. What were the questions? Roughly they were:
- What was your grandfather's first name?
- What was your first bike?
- What was your mother's maiden surname?
- Which was your first school?
etc etc.

What's amusing about these is a couple of things. One, the questions themselves are 'spoof'able, which means a hacker can create these questions with fair predictability because more security-based checks use the same question bank.

Two, most of my close friends or cousins who have known me for the last 25 years will know the answers to all of these. So, it is easier to regenerate and hence hack my password than to guess/break the password by brute force!

While multiple layered checks are touted as additional security, the layers are as strong as the weakest link.

Some of my other accounts allow me to choose my own questions. Now there are issues there as well. One, I need to choose those questions for which only I know the answer. I need to remember the spacing, the acronym, and if the answer is in my native language, then remember the phonetics as well. Now this is betting on my memory too much. Given the fact that I hold at least 5 online accounts, how many answers can I remember?

And if I forget my password after 3 years, I may not even remember the answers to my self-generated questions.

Security and convenience never go hand in hand. Fortunately I'm too small a person for someone to hack.