You may have seen different kinds of questions, such as "What is your library card number?" or "What is your mother's birth town?", while registering for an online account. These questions are used in password recovery processes and additional sign-in verifications. Normally we all care about our passwords and worry about their security.
But do we really care about these security questions? It seems most of us don't care much about them. Most of the time we give our real details as the answers to these questions and simply forget about the security question. Even I was unaware of the security questions selected for my email address until I decided to write this post. The most surprising thing is that I can't come up with the correct answers for those questions. I think this is common among most of us. We really DON'T CARE about those.
But in reality this is a great security risk. Even if you have a very good password that cannot be guessed easily, you may be vulnerable to security threats. It is like locking the front door while leaving the back door open. The confidentiality of the answer to a security question will be far less than that of a password. If someone asks you for a password, you probably won't tell. But if someone asks you the birth town of your mother, you may answer. Also, most of the details that are asked in security questions can be found publicly or can easily be guessed. That is what happened with the email account of Sarah Palin, the vice presidential candidate during the 2008 elections.
A good security question should have an answer that can be easily memorized, that is not publicly available and that does not change over time. Further, the number of possible answers to the question should be very large so that it cannot be guessed. There are some websites that offer good security questions. But it is worth noting that the goodness of the question depends on the expected answer as well.