In creating an account at Healthcare.gov, users are asked to select three security questions and provide answers to them. I assume these are used in cases that users forget their username or password.
While challenge questions can help add security, they should be something that only the authorized person can answer. How do these questions from Healthcare.gov look?
These look like questions that are likely to be known by one's friends and family. Many of these are likely posted somewhere on the Facebook profile of many Americans. How can these be secure?
And, if this wasn't bad enough, the insurance application process requires a security question and answer that third parties can use to access your information. For third party access to your account, you have to select one of only 4 options -- options that are likely to be known by friends and family, and your ex.
To me, these questions demonstrate a lack of respect for the American people. Anyone building a software system like the new Healthcare Insurance Marketplace should know better.