The good news is most sites realize we, the users, need nudges to create strong passwords. The bad news is too many of those nudges reject strong passwords from password managers. (I use and am happy with 1Password.)
Worse, too many sites still ask horrible, terrible security questions instead of asking for two-factor authentication. Your first house, your first dog, your mother's maiden name.
Why are these questions so terrible? Because any enterprising bad guy can go to social media sites and get the answers.
But that's not the worst thing I see. You could lie about your house and your dog. No, these security questions assume your mother is invisible.
Why? I see these assumptions:
- Your mother got married. (Not necessary to have a child, you.)
- Your mother's maiden name is not the same as her current name. (Hello! What year is it?)
- Your mother has no online presence.
- Even if she does have an online presence, your relationship with her is private.
All of these assumptions are sexist. And often wrong. The result? An invisible woman.
Why don't security questions ask about your father's maiden name? Because they assume your father didn't change his name when he got married. Okay, I only know a handful of men who did change their names when they got married, but that number is larger than zero. I suspect you do, too.
If you implement security as part of your job, challenge your need for these security questions. (And stop asking me to change my freaking password every 90 days.) Rethink your security nudges to avoid the sexist problem of invisible women.