Hacker News

I have said for a long time that SS numbers, birthdates, mother's maiden name, place of birth, date of marriage, street you lived on 10 years ago, all the standard "secret" info should be presumed public if not in fact made public. None of that is hard enough to dig up that it should be relied upon to prove identity.



Ever since the pandemic started, at work we've had a chat channel for "socializing" with each other. One day someone posted a topic. Something like, "Tell us about where you grew up". And the head of security immediately replied and said, "let's talk about something that isn't a common security question".

I admit that I think that was 100% unnecessary, especially in this situation, to put the kibosh on the conversation. But it made me realize how insane it is that something that is a common "get to know you" type question (tell me about where you grew up? (street, school etc) Tell me about your parents? (maiden name)) is also a common "security" question.

Also, side note. I NEVER use real answers to those questions. I treat it as an extra password and store it securely that way. No way I'm going to turn my mother's maiden name (easily searchable if you know my full name) into a password!


Whenever I am forced to do surveillance-based "authentication" (where they ask you all those questions about your past), I pretend to forget everything I know about my own life and just answer the questions using web searches (e.g. what city is some popular street in). I reckon this is a good way to avoid confirming any data that they only half know. So far I have not failed to "verify" using this technique.



