Turning security into a game of Trivial Pursuit

Many online and telephone services rely on asking daft personal questions to authenticate users, particularly when a password has been lost or an account locked out. It’s quite common to rely on a mother’s maiden name, first pet’s name or other significant personal data to prove the identity of the caller. We’ve already discussed the problem of using publicly-available data for this purpose, but there’s another problem: remembering the answer you gave when you established these challenge-response questions. How did you spell your first pet’s name? What was the exact model of your first car, or the name of your first love? And will you get locked out if you can’t remember these facts? Courtesy of Wired magazine, we now have the chance to play personal security Trivial Pursuit. Enjoy!