

Google: Security questions aren't secure - gjmulhol
http://research.google.com/pubs/pub43783.html

======
coreyp_1
I detest security questions. One time, a bank had a set of 8 security
questions that I was supposed to choose from to be my security question. The
problem was that none of them applied to me in a singular way.

* What street did I grow up on? Several of them, thank you for reminding me of my transient childhood. * Who was your childhood hero? I didn't have one. It never occurred to me to have one. * Some random genealogy question? Thanks for reminding me of my lack of familial knowledge * What was your first vehicle? I have no idea, because we went through several and I'm not a "car guy". * Name of your childhood best friend? That depends on where I was living and what portion of my childhood that you are talking about. * Favorite song? Don't have one. * Favorite food? I'm fat. I have a lot of them. * Democrat or Republican? Are you doing data mining on my answers?

------
gjmulhol
Totally agree. Also, if someone asked me "What street did you grow up on?" or
"What was your first pet's name?" I would probably just answer it. Neither of
those are terribly threatening on the face of it.

