National Geographic Daily News
A high school marching band poses with an eagle mascot.

Why is it so hard to remember the answers to your security questions—like what your high school mascot was?

Photograph by Michael Prince, Corbis

Tanya Basu

National Geographic

Published October 30, 2013

"I know it like the back of my hand," someone will say about something they know very well, like their hometown.

Most people will remember various details that were important in their lives because the event was celebrated, traumatic, or otherwise noteworthy.

But the troubled healthcare.gov website, launched in the midst of the U.S. government shutdown, has, in addition to serious problems with logging on and access, introduced a problem of memory.

Here are some questions you may need to be able to answer to access your password for the "Obamacare" website:

  • What was your address in third grade?
  • What was the name of the manager at your first job?
  • Who is your favorite superhero?
  • What is your spouse's favorite color?
  • Where was the location of your first kiss?

Many people's first reaction to these questions is to blurt out answers, but others resort to scratching their heads and trying to recall answers.

Why is it that such personal questions—which should be easy—can be so difficult to remember?

How Is a Memory Created?

Most memories are lost over the course of minutes; it's a matter of efficiency. Your brain simply can't hold so many memories, and doing so would be impractical for the more important information you need to remember: knowing how to drive, your Social Security number, the names of family members. (Read "Remember This" in National Geographic magazine.)

These important facts move from being temporarily known—phone numbers of a contact, a website you need to access—to being permanent fixtures in your brain within seconds, thanks to the hippocampus, which filters information for processing.

From there, memories move to one of two places: the basal ganglia and cerebellum house instructions for memories and skills, while the amygdala stores emotional memories, notably those that are instigated by fear (think phobias).

So your password? For ones you use often, the habit part of your brain kicks in. But the ones that you rarely use make you click on the "Forgot your password?" link—and the next step is to recall your grandmother's first name, your first pet's name, or some other factoid from your personal history.

And that's where your memory may get dicey.

Remembering

"We tend to remember what we place a priority on remembering," says Elizabeth Phelps of New York University.

So that first kiss that was so memorable to you may not be as memorable to another person who didn't find it worth storing in the depths of their brain.

"There's no rules," Phelps said. "It depends on person to person. That's why [companies] are trying to solve this problem of making [questions] specific enough for you that other people might not know."

Even more troubling: just because you know something doesn't mean you remember it.

Phelps brings up the example of pennies.

"If I placed the head in the opposite direction, flipped the date—would you even notice?" she asked.

Memory remains a mystery, particularly what people choose to remember versus not. But time is key, and five years seems to be a bliss point in the memory world.

"Memory drops off as time goes on," she said. "If you ask someone five years out [about an incident], chances are low they're going to hold on to that memory.

"If you've known it for five years, chances are good you'll remember it for the rest of your life."

Regardless, your personal connection with the incident still remains important: It's doubtful you'll remember everything you learned in school, despite having repetitively learned the information.

As Phelps said, "Just because you have a lot of exposure to it doesn't mean you really know it."

Trying to Beat Hackers

Just a few years ago, forgetting a computer password did not require trolling into your personal past and recalling details. Usually, the last four digits of your Social Security number or your mother's maiden name would do.

But those days are gone, and such identifying information is easy to search for—and therefore, not secure.

"I can find your mom's maiden name on Google," said Paul Rosenzweig, a cybersecurity expert and former deputy assistant secretary for policy at the Department of Homeland Security. "Your mother's maiden name and your Social Security number might as well be tattooed on your forehead."

Though cybersecurity experts advise a variety of ways to secure your password, from creating anagrams of favorite song lyrics to creating alternative personas, most people stick to a rotating selection of a few passwords.

How are these password protection questions chosen? It's a system called knowledge-based authentication, which uses the interplay between psychology and computer informatics to keep passwords private.

The questions are designed to be "something the customer can remember the answer to but others can't know," said Suku Nair, chair of the computer science and engineering department at Southern Methodist University and an expert in cybersecurity.

"In knowledge-based authentication, it's almost like a curve if you go for very private questions and answers," said Nair. "Even if someone hacks [the system], they can't directly access the password."

Using knowledge-based authentication is the easiest, most efficient way to keep people's passwords safe. The future seems to be pointing toward biometric passwords that would read fingerprints instead.

The pros? No need to remember passwords, a unique identifying feature, and a password that is nearly impossible to lose.

But as secure as your fingerprint may be, it's the very permanence of it that ironically makes it less secure.

"If someone steals your digital fingerprint, you can't change it," points out Rosenzweig. "With a password, you can at least change it"—and change the questions that pertain to that password to protect your safety.

Until then, the challenge of remembering your password with clues that are increasingly arcane will start with your memory.

"[The brain] knows that it's not important for you in the future," Phelps of NYU said of forgotten facts in your history. "We tend to remember what we place a priority on remembering.

"Otherwise, you're going to forget."

Follow Tanya Basu on Twitter.

7 comments
Bruce Gong
Bruce Gong

It is a great thing to have memory and I am just a man who likes recalling past seriously. Just like the old famous song says, "When I was young I listen to the radio......."

Faeyth Elenore
Faeyth Elenore

You are aloud to lie. If it asks you your Mother/Father middle name, answer Whatever you want. You can type PurpleIceCream as an answer to every security question, the computer doesn't know if your telling the truth. I lie all the time, it's nobody's business plus it is meant for me to remember.You have to remember the absurd thing you type as answer.

Robert Wright
Robert Wright

Sites should allow the client to choose their own questions as well as the answers.

jim adams
jim adams

So many sites ask me to register, and there are many variations on the questions they ask. And some of them have security questions above and beyond the variations of email, name i want to be known as and password.

Some years ago, in self defense -- i started a list with 5 columns: name of the site, sign-in, pass word, and two "others". That list is about 10 pages long, and every so often i enter a bunch of them into my typed version where the sites are listed alphabetically.


Without this list, i woulda gone crazy quite a while ago -- or at least lost a bunch of sites i want to keep on tap.

Allan Flippin
Allan Flippin

    My tactic:  Pick any old answer, and save the questions and answers in a file.  These website are woefully misguided if they think they are choosing things that a normal human being would tend to remember.

Brian Howard
Brian Howard expert

I edited this story, and would add that I've long had a pet peeve with security questions. I have few favorites, so I can almost never pick something for any of those. I had a favorite band in college, for example, but now my music tastes are wide and diverse and I couldn't pick one group. I don't have a favorite movie or book, I like lots of both, and same for other categories. I don't have a fave celeb or one single activity I could list.

When it comes to something like a first kiss, I don't think of one answer that describes the event that could be remembered for a password word. Was it at "the frat," "Kappa Sigma," "the house," "the basement," "a party," "in college," etc? (I also don't remember the name of the girl because I only talked to her about five minutes.)

When it comes to a first job, what does that mean? When I was a camp counselor in high school? When I worked as a temp for one day before that? My first "professional job"? When I worked at Arby's?

First pet, does that mean the cat that my parents had from before I was born, which I played with? Or the hamster they gave me as my "first pet," or the first pet that I really got myself when I became an adult, which I associate much stronger with? (And was that the cat I really grew to love, or the frog I had before that, who met an untimely end and whose name I can't recall now?) What about all the fish in between?

Further, on best childhood friend, should I type "Norm," what I usually called him, or "Norman," his real name? First and last name?

I wonder if my mind doesn't work quite the way these password questions assume. They are rarely things that have a single answer for me that I could remember, they are just more passwords I have to put in a document somewhere to have to retrieve.

Joanne Brothers
Joanne Brothers

@Brian Howard at least if they ask, 'first employer' I can settle on one, and better yet, I like the sites where I choose the questions. Sometimes the answers are lies (my mother's maiden name is on her ID, she's divorced) and sometimes I write down not the answer, but how many capitals and spaces I've entered it with. I like using information from my childhood because those memories aren't going anywhere, and no one else knows them. Not, for instance, my high school, but personal factoids with no records anywhere.

How to Feed Our Growing Planet

  • Feed the World

    Feed the World

    National Geographic explores how we can feed the growing population without overwhelming the planet in our food series.

See blogs, stories, photos, and news »

The Innovators Project

  • Teen Wonder: Taylor Wilson

    Teen Wonder: Taylor Wilson

    After achieving nuclear fusion at age 14, Taylor, now 19, is working with subatomic particles for solutions to nuclear terrorism and cancer.

See more innovators »

Phenomena

See more posts »

Latest News Video

  • How a T. Rex Packs for a Road Trip

    How a T. Rex Packs for a Road Trip

    The nation's most complete Tyrannosaurus rex specimen is taking a 2,000-mile road trip from Montana to its new home in Washington, D.C.

See more videos »

See Us on Google Glass

Shop Our Space Collection

  • Be the First to Own <i>Cosmos: A Spacetime Odyssey</i>

    Be the First to Own Cosmos: A Spacetime Odyssey

    The updated companion book to Carl Sagan's Cosmos, featuring a new forward by Neil deGrasse Tyson is now available. Proceeds support our mission programs, which protect species, habitats, and cultures.

Shop Now »