Kevin Fenzi <kevin@...> writes:
I think adding a 'security question(s)' feature would be
great.
I would strongly suggest however that the questions and answers be free
form. There's little security in canned security questions that have
answers people can find out. ie, 'What was your high school?'
I just use a password manager and if a site forces me to answer "security"
questions, I put them in the Notes section using strong random passwords for the
answers. For example
What was your high school? 48ZGrNaDQR75
I think the security questions should be optional in any case to save the
trouble of having to make and store several strong random passwords rather than
just one.