In the UK a common “authentication” question used by banks and many other institutions is “what is your Mother’s maiden name?”. The idea is that it’s supposedly difficult to find out what someone else’s Mother’s surname was before she was married. It’s not as hard as you might think partly due to just how freely people give out this information and the number of third parties that request it.
I telephoned my Bank some time ago making the request “I’d like to change my Mother’s maiden name please”. The person I spoke to sounded rather confused. They retorted “how could your mother have changed her maiden name?”. What I really meant was “I’d like to change one of the secrets the Bank use to authenticate my identity” but this seemed a complicated way of explaining what I wanted to a non-technical non-security saavy person.
To cut a long story short, the Bank didn’t have a process for me to change the secret they held. As they advised me they use a number of other security measures to authenticate me though many of these are easy to determine including “what’s your date of birth?”.
The only way I can reset this particular “secret” is to change banks…
Incidentally, finding out someone’s Mother’s maiden name is trivial if they are not married – that’s becoming the case more and more these days.