View RSS Feed


Why Favorites?

Rate this Entry
My kids ask me all the time, "Daddy, what's your favorite _________?"

It's one of my least favorite kinds of questions. Why? Because, simply put, I don't ever think about favorites. I could name a million things that I like very much, but which ones are my favorites? I don't know. Should I? Why do I need favorites? Isn't it enough to know that I like a thing? Why do I need to pause and compare it to every other thing of its type that I've ever experienced and decide whether or not it's my favorite, and then file that information away in case somebody asks for it? I don't. I won't. I REBEL AGAINST FAVORITES!

I've been asked so many times in my life, "What's your favorite color?" Truly, I don't have one. At some point, when I was very little, I answered "green," and so I just stuck with that. Everybody thinks my favorite color is green. Whatever. At least I'm consistent.

Rant, rant, rant.

Why am I feeling angry? It's because I just connected to the App Store on my Mac for the very first time, and was forced to choose not one, not two, but three security questions for my account. The old standbys like "What was your mother's maiden name?" weren't there. Instead, I got to choose from things like "What was your favorite band in high school?" Really? What a dumb question! First off, that was a long time ago. Second off, high school was several years long. I suspect most high school students who have favorite bands go through several of them over the years. Finally, I didn't have a favorite band. Ever. I recorded stuff off the radio, made mix tapes, and listened to ... well ... a lot of random stuff. And I liked it. "Random stuff" was my favorite, I guess.

(Ok, I'm not really being fair to myself. There were themes to those tapes, but I didn't ever dwell on which artists were my favorites.)

And the rest of the question choices weren't any better. So! I just made shit up. And because I had to make shit up, I also had to write shit down in case I'm ever asked again. Security, eh? (And by the way, "shit" was one of my answers, in case anybody wants to try stealing my identity.)

Now where'd I put that glass of my favorite Scotch...

Happy New Year, by the way.

PS: My wife asked me what I was getting frustrated about, and when I told her, she said she'd gone through the same thing while setting up an iPad a few days ago, and had simply put "abc123" for all of her answers. She couldn't find any questions that worked for her either. At least I married the right girl. That makes me feel better.

Updated 02-Jan-2015 at 05:04 by Cottontail



  1. Marka's Avatar
    Might I interest you in a Singleton single malt Scotch... on the rocks or neat?

    Yes, I even despised the "what's your mother's maiden name?" I don't wish to be reminded...

    I've found in some instances... though obscured, you can make your own questions, and answers...

    I could be cryptic with both... actually, I didn't make questions, instead I made a simple prompt that I would know the response to... no matter what my mood, or state of absent-mindedness... I wouldn't have to remember what color I was identifying with in that moment... I didn't give away my dog's name... (When security questions invade my privacy... or at least trigger my reluctance to be had so easily -paranoia-)

    Something like...
    Q: Colorado
    A: Colorado Springs

    It means nothing to any observer (except some simple geography perhaps)
    I have a personal connection, so I wouldn't answer Denver, or Ft Collins...
    It's arbitrary, without being a non-sequitur... I've answered things like "shit" before too... then don't remember which of the plethora of swear-words in my vocabulary...that I chose in that moment...

    I feel your pain!
    Happy New Year, to you too!
  2. ArchieRoni's Avatar
    I'll take one of those Scotches, Marka.

    And yeah I feel the same way. If it makes you feel better, picking a random string of characters (I don't recommend abc123 because it's too easily guessed) is actually more secure for those security questions than giving truthful answers. Truthful stuff can be found out by someone with the right google search terms, or if social engineering is done on you. Not that it's likely or anything, but if you happen to get a job with a big company or otherwise do something where you're worth targeting, best practice is to lie through your teeth on all security questions.
  3. Cottontail's Avatar
    Well, I get the issues with things like maiden names and "abc123" (although the latter is probably an unlikely guess for "What's your favorite band?"), but as long as they're sending me down the path of making stuff up, why not just ask me for a secondary password? Or do the mobile phone + confirmation number thing that many places are doing now. That just seems way better, from a two-part authentication standpoint. Forcing people to make stuff up under the guise of a simple question is bad.

    I'll have my Scotch neat and in a shot glass, btw -- not because I intend to take it as a shot, but simply to regulate my input. I'm at work now, after all.
  4. Marka's Avatar
    Well, I'm opposed to giving out my cell number too... it's not a 'Smart Phone'... nor am I... But, I don't wish to give my phone habits, to my internet habits...

    Two Scotch served neat... in a shot-glass...

    Updated 03-Jan-2015 at 02:38 by Marka
  5. ArchieRoni's Avatar
    Two-factor authentication is a little different. That's added on top of your password, it's not there to help if you forget your password, that would actually make it more insecure. abc123 is probably okay as a security question, though it's not about guessing, it's about security from a shotgun approach. Like, let's say there's another data breach at Target and somebody gets a bunch of encrypted passwords and security questions. Anything 6 characters or shorter will be broken in an hour or so because the number of possibilities is small enough for a computer program to try every single one until it finds the right one. Generally speaking, 8+ characters for anything that gates a log-in or password reset is a good call. Though I admit that following all best practices is annoying enough that it may not be worth your while compared to the amount of risk mitigated.
  6. Cottontail's Avatar

    Quote Originally Posted by ArchieRoni
    Two-factor authentication is a little different. That's added on top of your password, it's not there to help if you forget your password, that would actually make it more insecure.
    This is two-factor, however; it's used to authenticate devices on first use. If you connect to the Apple Store from a device you haven't used with the Store before, your password isn't enough. They want you to answer the security questions. Lots of places use your mobile phone number for this purpose now. For instance, every time I log into my bank's web site from a new device, they insist on calling my phone with a confirmation number I then have to enter in order to proceed -- in addition to my password. Honestly, I'm cool with that. The security question thing is what drives me bananas!! - the Adult Baby / Diaper Lover / Incontinence Support Community. is designed to be viewed in Firefox, with a resolution of at least 1280 x 1024.