The Security of Your Mother’s Maiden Name

Warning: This article contains personal opinions.

dunceI was driving down the road recently, listening to a local news station on the car radio. The newscaster was interviewing a so-called security “expert” about proposed legislation supposedly designed to prevent identity theft and credit card abuse. This “expert” claimed that we needed legislation to prevent access to birth records by “unauthorized” individuals. Sound familiar? Yes, we have heard and seen this song-and-dance act before. This guy wants to lock genealogists out of the records that we have used for the past century or so.

The so-called “expert” claimed that the Internet makes it too easy for someone to find your mother’s maiden name, and that, of course, is the foundation of all security systems, right?

Let me press the button for that obnoxious sounding buzzer. BZZZZZ! Wrong answer!

The problem isn’t easy access to your mother’s maiden name; the real problem is dumb security systems that depend upon public domain information for so-called security. Hey, if it needs to be secure, can’t you guys come up with a better key phrase that your mother’s maiden name? Sheesh, even I can do better than that!

The only purpose for asking your mother’s maiden name is to create a “passphrase” that you can remember in case the company ever needs to identify you in the future. In reality, it doesn’t need to be your mother’s maiden name. They could just as easily use your great-great-grandmother’s maiden name or the name of your First Grade teacher or your favorite song or your pet’s name or your gym locker number. The only requirement is that it is something that you will be able to recall instantly at any future date and that it is not known to others.

Any institution that uses the mother’s maiden name as a “security tool” is really behind the times and needs to quickly hire a real security expert, not some yahoo who uses fuzzy thinking. Even novice security managers would immediately change that policy.

In the United States, mothers’ maiden names and other personal information are available from numerous public sources. That information has always been in the public domain. The invention of the Internet did not really change anything. A mother’s maiden name could easily be discovered fifty years ago, and the same is still true today. Anyone who uses a mother’s maiden name “for security purposes” obviously doesn’t know much about security.

I have refused to do business with a couple of companies that insisted upon using my mother’s maiden name as a security identifier. I don’t want to do business with any company with such a lame security policy. I advise you to do the same: boycott companies that have inadequate security policies.

However, if you really need to do business with a company that insists upon using your mother’s maiden name for “security” purposes, please remember that you can always create a fictitious name on the spot. The bank doesn’t care what name you give them; all they want is something to enter in the blank space on their form, something that you can recall later. They couldn’t care less if it is the correct name or not. By using a fictitious name, your security will not be compromised by a Web site, by a minimum-wage employee at an insurance company, or by a criminal’s surreptitious visit to the state Vital Records Department.

When I last created a new account and was asked for my mother’s maiden name, I answered “Fudpucker.”

I guarantee two things: (1.) I can remember that, and (2.) nobody is ever going to find that piece of information online unless they happen to read this article. The name of Fudpucker fits my needs perfectly as well as the needs of the company I was dealing with at the time. Oh, to be sure, I did get a strange look from the clerk filling out the form, but who cares? She wrote it down, and the name Fudpucker remains a part of that company’s records. I do feel much more secure than I would feel if I had used the correct name.

I would suggest that you do the same. You can use the same funny name that I chose or some other name you can easily remember. It makes no difference. You might use the maiden name of some ancestress from 200 years ago. Will the company care? No. Will the criminal care? Yes! You just protected your privacy far better than any dumb piece of legislation restricting access to birth records can ever accomplish.

If an elected official or other bureaucrat tries to limit access to vital records, please feel free to send them a copy of this article. Tell them it’s time to wake up and look at the real issues and to stop trying to protect a maiden name policy that is ineffective to begin with. Then vote against the politician in the next election. You don’t want a backwards mentality like that in public office!

If you send a damned fool to Washington, and you don’t tell them he’s a damned fool, they’ll never find out. — Mark Twain, 1883

A smarter politician would sponsor a bill to prohibit financial institutions from using a mother’s maiden name or any other piece of public domain information for security purposes. But, then again, when did you ever see a smarter politician?

22 Comments

Well we have a big bunch of idiots in this country and in particular bureaucrats and politicians, I have been a suject of I/d theft twice, both from use of cordless phones anyone can go buy a scanner at Radio Shack etc. That can pickup your cordless phone conversation and get you credit card information the police no this and it is not from ssdi or a mother’s maiden name that criminals get there information

Liked by 1 person

I was lucky enough to have the Parishes in England send me the families along with the maiden names course that was before Computers back in the 1940’s Dot

Like

I’ve always given a false maiden name for my mom.

Like

The biggest threat (and one that Congress refuses to do more than pay lip service to) is the use of Social Security numbers as Medicare/Medicaid ID numbers. This exposes this critical financial identifier to multiple, often disrespected and disgruntled, low-wage workers every time a person visits their doctor, pharmacy, or hospital for treatment that is vital to their health and well-being, and it affects every single senior citizen in the United States. Our legislators had no problem ordering private insurers to stop doing this long ago, but when it comes to Medicare and Medicaid, they have allowed the responsible agencies to get away with studying the problem for well over a decade without actually *doing* anything constructive to solve it.

Like

    Agreed. I raised this issue with my Congressman and he said there was very little anyone could do about it now.

    Like

    Hogwash! I’d use a stronger word, but this is a family-oriented blog. All the private insurers stopped doing it. The military stopped doing it. There is no reason why Medicare cannot stop doing, except that they don’t want to be bothered to make the effort, and Congress doesn’t want to spend any money on the effort, preferring to let the people who are being defrauded bear the burden.

    Like

Today’s company records will someday become public. In a couple hundred years there will be thousands of genealogists wondering why their Fudpucker ancestors aren’t showing up in the 2010 federal census.

Like

I would never think of giving my credit card information over the phone. You really ought to stop doing that, Glen. Just think of the number of people standing at the register while that clerk dutifully reads the numbers back to you! No scanner needed!

Like

    In today’s way of doing things most people no longer have corded phones, my wife and I only have cell phones,
    And Your i/d on Medicare is also a place that is used very little, as I was told by police it is phones and the hacking of banks and store accounts, then the hackers sell the data to other criminals, my data was used by a person on the East Coast and I live on the West coast.
    If the person who’s mothers birth data was online in California then someone in corrupt California screwed up because birth data is supposed to be closed in California for 100 years also.

    Like

Well said, Dick! Like you, I’ve also used a fictitious mother’s maiden name on occasions.

Like

No one needs to go to the trouble of getting my birth certificate (a public record in California) to obtain my mother’s maiden name. California publishes a Birth Index that gives my name, birthdate – and, yes, my mother’s maiden name. And that’s fine with me – my “mother’s maiden name” for security purposes actually belongs to my grade school best friend’s mother.

Like

A variation is asking for your father’s middle name. They have gotten his first name, but I like your idea and other suggestions above even better

Like

I lived in Mexico for a number of years. All official documents require the surnames of both mother and father.

Like

As a longtime researcher I have always taken a slightly different path, my mother’s mother’s maiden name. Something else I doubt I’ll forget. To be fair this was just an extension of what my mother had done for years. She wrote many, many letters to the editor and always used her grandmother’s full maiden name in lieu of her own.

Like

Thanks, Dick. I’ve been saying this for a long time. I always pick one of my favorite ancestor and his/her birth year (if numbers are required) as my “password.” When they ask for the mother’s maiden name I tell them just what you said. The people in the business need to be educated – starting with the manager!

I was at a genealogical conference (a small local one) many years ago. One of the vendors, who sold paper,. folders, etc. was there. A friend who was there bought some supplies from him. They talked about her genealogy, and showed him her pedigree chart. He said that he descended from one of the same ancestors and asked if he could copy down some of the info. Pleased, she let him. She made her purchase, paid by check, and went on her way. When she got home, her bank account was cleaned out. The man had her checking a/c #, her bank’s name (which was a fairly local one), and her mother’s maiden name. What more could a thief ask for – and he never got out of his chair to get any of it. It turned out that he went to different types of conferences (who doesn’t need office supplies?) and had done this before. He was convicted, paid a huge fine, and I think he did some time in jail. He’s probably out and doing it again.

As genealogists we know that the Govt. always blames the Internet, but oblivious security people are more to blame than anyone. We are sometimes our worst enemy. Do you pay bills by checks, mailing them to the company? What’s to stop a thief from taking that mail from your mailbox (after all the flag is up indicating outgoing mail). The have your account #, bank & checking a/c # or the credit card # you have filled in on the form. We also need to protect ourselves, not depend on someone else, or God forbid, the government, to do it for us!

Like

    —> She made her purchase, paid by check, and went on her way. When she got home, her bank account was cleaned out.

    Sadly, that is very easy to do. A mother’s maiden name isn’t even required.

    When you write a check and give it to someone, you are giving them all the information they need to write more checks using your account number. The numbers along the bottom show the bank’s number (the routing number) and your account number. The person who receives the check can then purchase new blank checks without any numbers on them (available at most office supply stores as well as online) and also use software that will print the numbers on the new blank checks (also available at many office supply stores and online). See Before You Print Your Own Checks at https://www.thebalance.com/before-you-print-your-own-checks-315315 to learn how that is done. The thief then can write all the checks he or she wishes.

    Unlike credit cards and debit cards, most checking accounts are not insured against theft or fraud. (There are a few exceptions.) Once you give the information to the thief, you will lose the money from uninsured checking accounts.

    The Social Security Administration quit sending checks some time ago because the agency was losing millions of dollars every month due to stolen checks. Now the Social Security Administration only sends money by direct deposit.

    That is why I almost never write checks and I never, ever send checks through the mail where they are easily stolen. I tend to make all my payments online with direct funds transfers or with credit or debit cards, all of which are fully insured against theft and fraud. If someone does rip off my credit card number, at least I know I will get the money back.

    See my earlier article at https://privacyblog.com/2014/12/17/using-a-credit-card-online-is-safer-than-sending-a-check-in-the-mail/ for details.

    Like

Dear Mr Eastman, I find it interesting that you use the phrase “minimum wage” and another comment uses the phrase “low-wage” as pejoratives, as if such a person is almost automatically a crook. Quite apart from the discussion about minimum wages and living wages this might trigger, the last year or so has seen very vigorous debate about which of two well-off people, one BIGLY well-off, is the bigger crook.
Apart from which, thank you for the food for thought you provide.

Like

    —> find it interesting that you use the phrase “minimum wage” and another comment uses the phrase “low-wage” as pejoratives, as if such a person is almost automatically a crook

    No. I didn’t say that. But I do consider such people to be more motivated to take advantage of financial gain opportunities than some others.

    Like

    Like Dick, I have great respect for the basically honest, hardworking people who struggle to support themselves and their families on what they earn from minimum wage and low wage jobs.

    Unfortunately, some employers do not share this respect and treat their low wage employees like disposable diapers to be used and thrown in the trash at will, rather than as human beings of value, creating a toxic work environment. When employees suffering under such conditions can often earn more than a week’s pay by copying down and selling a couple of SSIDs, we shouldn’t be surprised that some of them succumb to the temptation. It doesn’t make them bad people, they are merely human, just like you and me. I urge everyone to put themselves in those shoes and think about it for a bit. What would you do with an empty pantry, your landlord threatening eviction, and an easy fox for these problems sitting on the desk in front of you, staring you in the face? Could you resist that temptation, day after day, week after week?

    This is a whole different world from people who bully and steal to provide themselves with more and more luxuries they don’t really need.

    Like

Heck, in many small towns where many people are related, everyone knows your mother’s maiden name. I can tell you the maiden name of the mothers of half of my schoolmates from almost 40 years ago.

Like

Before the prevalence of the Internet I was asked to give my mother’s maiden name. Of course, I did. When the ‘Net became so widespread I asked that it be changed and they claimed I could not do it. One account I have I use my grandmother’s maiden name and I pronounce it usually with an accent like they did in the old country and they never have asked me to repeat it!!

Like

I have just spoken to a local bank who use those type of security questions and they stress that those are only examples and that you can create any security question you like. Thinking about it, a third level of security is better than just a number and a password.

Like

Leave a Reply

Name and email address are required. Your email address will not be published.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

You may use these HTML tags and attributes:

<a href="" title="" rel=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <pre> <q cite=""> <s> <strike> <strong> 

%d bloggers like this: