The Curse of the Secret Question

13 Feb ’05

Bruce Schneier writes about the ubiquitous "secret question" and answer that e-commerce sites so often require as the fallback for authenticating your identity if a password is lost. His conclusion:

Passwords have reached the end of their useful life. Today, they only work for low-security applications. The secret question is just one manifestation of that fact.

Generally, the question is handed to you ("what is your dog’s name?" or the mysterious "what is your dog’s first name?"), or you have to choose from a few equally obvious alternatives. A goofy idea if ever there was one, and likely a methodology that spread merely because it became popular ("if it works for them, it’s good enough for us").

Today I filled out an online application for a passport, and there were three secret questions. Each of them asked for the most obvious information about me and my life. If we are going to use secret questions, why not at least a secret question that is truly obscure, and that allows an answer that is even more obscure? Something like "how many stairs are there from the first landing to the basement?" or ‘what director other than Taylor Hackford do you think should have been given the nod for "Ray"?’ ….
