We've all had those moments where we're setting up a new account for something or other, and they ask you to enter the answer for a few "security questions" and you don't necessarily even know the answers to them. Mothers maiden name? Kindergarten teacher's name? Name of the street you grew up on? Fuck if I can remember that shit. I didn't know my mother's maiden name until I was in my 20's. She wouldn't tell me that for fucking years! I don't remember my kindergarten teacher's name either! I do remember that she was one of my first crushes though. Or was that my 1st-grade teacher? Whatever.
These kind of questions are something VERY easy for a hacker or government agency to find the answers to though.
And what do you answer to your pet's name when you have more than one pet? Or what about when your first pet's name was something incredibly common?
These "security questions" are in NO WAY secure. They should NEVER be used to secure an account. FFS! Who's idea was this shit?
Imagine if your bank account or something else important was locked behind such horribly insecure questions that people that know you, or have access to certain databases, could know. Then any of those people could pretend to be you and steal all your money. This is NOT a good idea!
Sometimes these companies FORCE you to enter these questions. What's really bad is that sometimes there aren't even enough questions that I myself know about myself. This means that I have to make up answers to questions and then remember what the hell I answered to them. At least made up answers are far more secure though.
These answers could be stolen in a hack just like any other data though...and unlike passwords, they probably aren't hashed or even encrypted.
Feel secure? Yeah...me neither...
Image by Blue Coat Photos CC BY-SA 2.0 (source)