Saturday, January 20, 2007

Security whinging: You want to know my hobby?

Kind of a follow-on to Thursday's post: I've recently noticed a number of my financial-services providers implementing a new security scheme, under which I have to provide answers for a flurry of personal-info questions. These go beyond the standard "mother's maiden name." Citibank wanted to know my hobby, my favorite movie, my favorite artist, the name of the first street I lived on ... the idea is that when I sign on to access my accounts, the company will "occasionally" ask me to answer a security question first.

Apparently, the idea is that these questions will thwart phishing schemes. Some fraudster may get your log-in password, but will they be able to answer a question about your favorite food?

If only one company did this, I would raise an eyebrow but otherwise not really notice. However, a bunch of the ones I interact with did it all at once. NetBank and Citibank have; I think there's at least one other. So it seems to be on its way toward becoming an industry standard.

I have mixed views on it. On the one hand, if it really does prevent attacks, that's great. On the other hand, this is yet more bits of login info I need to keep stored in my sieve-like brain. Remembering my mother's maiden name is one thing; it's a fixed, unchanging fact. But -- my favorite movie? Er, I dunno, could be any one of five or six? Favorite artist? Same deal. My hobby? I have several. In the few weeks since these schemes went live in Citibank and NetBank, I've had a small moment of panic every time a question pops up. I have to rack my brain to remember which hobby, which "favorite singer," which "favorite animal" I listed.

So far, I've managed to guess or remember the right answers, and haven't flunked a challenge. We'll see how long that lasts ...