I just logged into my ING Direct bank account and noticed a potentially frustrating hurdle on the way: the “Secret Question”. On this particular visit, here's the “Secret Question” I was asked:

Obviously, I'm not going to reveal the answer to my security question in this blog post. So let's just pretend I had originally entered another of my favorite movies, “The Miracle of Morgan's Creek”.

Upon login, if were enter “Miracle of Morgan's Creek”, I'd get an error message… because I left out “The”. If I'm lucky, I'll quickly realize what my “mistake” was and correct it. But it's easy to image someone getting very confused, not realizing where he'd made his mistake… or whether he'd entered the wrong movie. After all, some of us have lots of favorite movies.

On some visits, I'm asked where I was born:

Again, I can imagine problems. I could answer this question in numerous ways, including:

  • Toronto
  • Toronto, Ontario
  • Toronto, Canada
  • Toronto General Hospital

Yet another ING Direct security question that can be problematic is “What street did you grow up on?”

I moved around quite a bit as a kid; I “grew up” on several different streets. So we'll just assume we're talking about the first address I lived at, Brunner Drive. But even if I get that right, there's lots of room for stumbles: I have to remember whether I entered:

  • Brunner
  • Brunner Dr
  • Brunner Dr. (with the period), or
  • Brunner Drive

What we really should be testing is whether visitors can answer the question (which is easy, if they know the answer). We shouldn't be testing whether they happen to remember precisely how they formatted their answers. This can be hard, even if they do know the answer!

Some will argue that we should test whether users remember how they formatted their answers, just as we do with passwords. After all, it increases security. However, I'd argue that the usability issues this creates are just too great. Better to ask two easy-to-answer questions, than one ridiculously picky one!

There may be no perfect, fool-proof solution. But I think we can list some best practices that minimize visitor errors, while still ensuring security. I'd suggest the following guidelines, for starters:

  • Try to ask questions that have one unambiguous answer, such as “What was the first street you remember living on?” or “What is your father's middle name? If he has several, what comes immediately after his first name?”
  • Where appropriate, give hints on how to format the answer, for example “Leave out articles like “The” and “A”, or “Spell out the full name of your street. Don't use any abbreviations like 'St.' or 'Ave'”.
  • Give visitors some choice as to which security question(s) they wish to use. (Sometimes it may be impossible to answer a question, for instance if your father doesn't have a middle name! Or the answer may be too easy for impostors to guess.)

These are just off the top of my head. If anyone has any further suggestions, please feel free to add them.

Your request has been submitted and a rep will reach out to you shortly.

Message Sent

Thank you for your interest.

Thank you for registering.

You should receive a confirmation email from GoToWebinar with your unique webinar login information. If you do not receive this email or have trouble logging in to the event, please email asmaa.mourad@cardinalpath.com.

Thank you for subscribing!

You're now looped into the world's largest GMP resource hub!

Thank you for your submission.

Thank you for your submission.

Thank you for your submission.

Thank you for your submission.

Thank you for your submission.

Message Sent

Thank you for registering.

Thank you for your submission.

Message Sent

Thank you for registering.

Thank you for registering.​

Paid media spend by Government websites increased a whopping 139% YoY in 2020.

2020 Online Behavior Live Dashboard

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

2020 Online Behavior Live Dashboard

Thank you for your submission.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for your submission.

Message Sent

Thank you for registering.

Thank you for registering.

Cardinal Path is continuing with its series of free training. Next we are conducting training on Google Data Studio. Check it out here.
Cardinal Path hosted a live session to connect with you and answer all your questions on Google Analytics.
Get all the expertise and none of the consultancy fees in this not-to-be-missed, rapid-fire virtual event.

Thank you for submitting the form.

Thank you for submitting the form.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you for registering.

Message Sent

Thank you.

Click here to download access the tool.

Message Sent

Thank you for registering.

Message Sent

Thank you.

Message Sent

Thank you.

Message Sent

Thank you

Message Sent

Thank you

Message Sent

Thank you.

Message Sent

Thank you

Message Sent

Thank you.

Message Sent

Success!
Your message was received.

Thank you.

Message Sent

Success! Thank you
for reaching out.