Proving who you are

Wizards of the Coast provide a mail service where you can send rules queries for their games, including D&D.  This is cool, because it seems no matter how well a rulebook is written there are always some issues which are confusing.

I thought I’d send them a query about a rule – and you have to sign up to their site, okay, I guess that keeps the spam down.  So I started the signup process.  They needed the regular stuff, username, e-mail, date of birth.  My postcode?  Filled them all in – then, three, security questions and one additional question you might get asked on the phone, all required so they can prove who you are if you forget your account details.

Come on.

It’s a forum user ID.  If I answered those questions they’d know more about me than the bloody tax office.  Anyone who did manage to get access to my data would know enough to convince other people they were me.  It’s not like WoTC are running a banking operation or something like that.  I just wanted access to their forums and the option to mail them a rules question.

Clearly, I just made up answers to the questions that I’ll remember but that aren’t true, in fact to simply things I just picked the same answer to all four questions even if it made no sense.  Reducing the point of them having multiple questions.  Sometimes you can have too much security.