Everybody has been there: you lost your password. Damn… it’s always a personal bummer when you can’t remember what password you entered 4 years ago on that one dating site, your (unused) AirBnB account, the UberEats app, or your favorite news app.

When you want to recover your password it can generally go two ways:

  1. Verify your account through email/phone
  2. Verify your account through email/phone, plus an additional ‘secret’ question

The first way is not hard: you can retrieve your password fairly easily, without too much hassle (if you remember the correct email address or phone number you used when you registered). The second way is the reason for this article: you can make very bad UX decisions there…

Today, I forgot my password to log in to my HSBC account. I clicked ‘forget password’ and verified my email address. So far, so good. But now, the trouble begins… I have to answer my ‘secret question’. Check this screenshot I took when this happened:

[Screenshot: HSBC secret question options]

For those who speak no Spanish, the questions are:

  • What’s your favorite sport?
  • Who is the person you admire?
  • What is the name of your favorite book?
  • What is your favorite movie?
  • What is your favorite movie/TV personality?
  • Who is your favorite writer?
  • What is your favorite song?
  • What is your favorite TV program when you were a child?
  • Who is your favorite music artist?
  • What’s the name of your oldest cousin?

OK. So that’s a bunch of questions you can answer, right? No biggie. Just pick the question you selected when you created your account and answer it! Well… it’s not that easy. Why? Because none of the questions are set up the way they should have been.

Ask for factual statements, not sentiments

If I created an account with you 4 years ago, a lot has changed in my life since. I’ve changed apartments, girlfriend/boyfriend, music style, Netflix movies, towns, book preferences, etc. In short: I’m not the same person I was 4 years ago. I couldn’t answer ANY of the questions HSBC is asking me. I have no idea what I answered 4 years ago. The only question that is ‘factual’ is the ‘Primo mayor’ (oldest cousin) question, but even that question might be hard for people who are not close to their family (like me).

That is exactly why you cannot ask for emotion-based answers in this ‘secret question’ game. You have to stick with facts: things that will never change, regardless of location, sentiment, taste or general human development.

It’s better to ask:

  • What’s the street you were born on?
  • Who was your first teacher?
  • What was the bakery closest to your first house?
  • What was the house number of the first place you lived?
  • What’s the name of your first pet?

The answers to those questions will never change.

Use best practices, don’t create your own

I can’t believe how companies in 2019 can make such crucial mistakes. You want to deliver a good experience to your clients and help them in the best way possible. Why not stick with best practices that other companies have clearly already integrated? I’m sure you recognize some of my questions from apps/websites you’ve used, so why not copy those questions? It doesn’t take any extra development time to integrate them. Instead you chose to go for sentiment-based, time-dependent questions, whose answers vary over time.

Frankly, just stick with facts, not emotions, when it comes to answering ‘secret questions’.