The Security of Your Mother’s Maiden Name

Warning: This article contains personal opinions of the author.

I was driving down the road today, listening to a local news station on the car radio. The newscaster was interviewing a so-called security “expert” about proposed legislation supposedly designed to prevent identity theft and credit card abuse. This “expert” claimed that we needed legislation to prevent access to birth records by “unauthorized” individuals. Sound familiar? Yes, we have heard and seen this song-and-dance act before. This guy wants to lock genealogists out of the records that we have used for the past century or so. 

The so-called “expert” claimed that the Internet makes it too easy for someone to find your mother’s maiden name, and that, of course, is the foundation of all security systems, right? 

Let me press the button for that obnoxious sounding buzzer. BZZZZZ! Wrong answer!

The problem isn’t easy access to your mother’s maiden name; the real problem is dumb security systems that depend upon public domain information for so-called security. Hey, if it needs to be secure, can’t you guys come up with a better key phrase that your mother’s maiden name? Sheesh, even I can do better than that!

The only purpose for asking your mother’s maiden name is to create a “passphrase” that you can remember in case the company ever needs to identify you in the future. In reality, it doesn’t need to be your mother’s maiden name. They could just as easily use your great-great-grandmother’s maiden name or the name of your First Grade teacher or your favorite song or your pet’s name or your gym locker number. The only requirement is that it is something that you will be able to recall instantly at any future date and that it is not known to others. 

Any institution that uses the mother’s maiden name as a “security tool” is really behind the times and needs to quickly hire a real security expert, not some yahoo who uses fuzzy thinking. Even novice security managers would immediately change that policy. 

In the United States, mothers’ maiden names and other personal information are available from numerous public sources. That information has always been in the public domain. The invention of the Internet did not really change anything. A mother’s maiden name could easily be discovered fifty years ago, and the same is still true today. Anyone who uses a mother’s maiden name “for security purposes” obviously doesn’t know much about security.

I have refused to do business with a couple of companies that insisted upon using my mother’s maiden name as a security identifier. I don’t want to do business with any company with such a lame security policy. I advise you to do the same: boycott companies that have inadequate security policies.

However, if you really need to do business with a company that insists upon using your mother’s maiden name for “security” purposes, please remember that you can always create a fictitious name on the spot. The bank doesn’t care what name you give them; all they want is something to enter in the blank space on their form, something that you can recall later. They couldn’t care less if it is the correct name or not. By using a fictitious name, your security will not be compromised by a Web site, by a minimum-wage employee at an insurance company, or by a criminal’s surreptitious visit to the state Vital Records Department.

When I last created a new account and was asked for my mother’s maiden name, I answered “Fudpucker.” 

I guarantee two things: (1.) I can remember that, and (2.) nobody is ever going to find that piece of information online unless they happen to read this article. The name of Fudpucker fits my needs perfectly as well as the needs of the company I was dealing with at the time. Oh, to be sure, I did get a strange look from the clerk filling out the form, but who cares? She wrote it down, and the name Fudpucker remains a part of that company’s records. I do feel much more secure than I would feel if I had used the correct name.

I would suggest that you do the same. You can use the same funny name that I chose or some other name you can easily remember. It makes no difference. You might use the maiden name of some ancestress from 200 years ago. Will the company care? No. Will the criminal care? Yes! You just protected your privacy far better than any dumb piece of legislation restricting access to birth records can ever accomplish. 

If an elected official or other bureaucrat tries to limit access to vital records, please feel free to send them a copy of this article. Tell them it’s time to wake up and look at the real issues and to stop trying to protect a maiden name policy that is ineffective to begin with. Then vote against the politician in the next election. You don’t want a backwards mentality like that in public office!

If you send a damned fool to Washington, and you don’t tell them he’s a damned fool, they’ll never find out. — Mark Twain, 1883

A smarter politician would sponsor a bill to prohibit financial institutions from using a mother’s maiden name or any other piece of public domain information for security purposes. But, then again, when did you ever see a smarter politician?