The other day either me or the computer caused the financial website to ask me a personal question. You know one of those three questions you selected (along with a picture, motto and password that contains at least 8 characters, one special character and one large capitalization) that uniquely identifies you.
Who comes up with these questions? Favorite Candy, boardgame, author, ethnic cuisine, comic book, dessert, vacation destination, college proffesor. rock band or make/model of first car, your senior prom date, name of eldest cousin (father's side), first job boss's first name, street where you lived at age 10, name of first pet, city your oldest sibling got married ......
and the one I was asked (after selecting) - name of your first grade teacher. Confidentiality now prevents me from revealing that person's name. At Caldwell Elementary school in Wichita Kansas, with some research someone could figure this out - but it would take some time. If it is answered wrong or too much time elapsed then another personal question will pop up. Then with "three strikes and you're out" the system will lock you out.
I'm sure these questions are designed to limit the misuse of people giving their passwords to others for financial data. But in some cases it tests your memory when queried.
Here's the real problem. Let's say you have five or six web sites that require this hyper security level of access. That means 18 unique questions that they believe you have permanently in your memory banks. The problem is on any given day I might change what my favorite color, candy or dessert etc. might be.
So just remember it is really you if you answer 18 questions correctly.