Reply to post: Re: The very definition of "security by obscurity"

Perv raided college girls' online accounts for nude snaps – by cracking their security questions

werdsmith Silver badge

Re: The very definition of "security by obscurity"

Just come up with a set of strong passwords and use them as the answers.

It is a moronic way of doing things, just as moronic as the banks that send out "Your Statement is ready to view" emails with a masked link button to your account login page.

At one job they set a self-service password recovery system up using this three-question system and one of our guys demonstrated how to socially engineer the answers out of people and change passwords.

Then the company attempted to discipline him until we brought them to their senses.
