Re: Kill all the security questions now
Yes, these should have never been created. Whoever the ignorant person was who first suggested them should be shot.
I just treat them as alternate passwords, and create nonsense answers for them that I keep in an encrypted file organized by site. It is so easy to find out someone's mother's maiden name, the school they went to etc. that it is criminal to treat that as adding security. In most cases by allowing password resets if you know one such answer you reduce security.
If the hacker has control of your email its game over, if they don't they might be able to use social engineering on the company ("it said it sent the password to me but I never got it, I know my ISP has really aggressive spam filters that have blocked other emails I didn't want blocked, but I can't do anything about that, can you help me?")
Biting the hand that feeds IT
