My car ins. is thru State Farm. They've started asking for my mileage periodically, apparently to move away from a two-tier pricing system (regular (avg 12K/yr) or low-mileage (under 7500 mi I think)) to better-matched tiers. (Thankfully they're not yet quite as "Progressive" as to ask to put a device in my car that spies on my driving.)
I haven't gotten around to making my password manager program (and I don't want to have to trust someone else's, and I am a programmer after all so I shouldn't have to), so unimportant things like this get put on stickies, which invariably seem to be eaten by my desk like socks by my dryer.
This is no problem as I can just request that login credentials be e-mailed to the address they have on record, like Slashdot does. EXCEPT when they implement those stupid "security questions".
My take on them is that they're a huge security hole in an otherwise fairly secure (if you choose an obscure username and a strong password) system. They typically necessitate answers in common words (if you want to be able to remember your answers, that is), and on topics that are susceptible to public records and social engineering techniques.
So I do what I think is the best I can do to mitigate this weakest link in all-too-common login schemes and fill these fields with random garbage characters.
So on State Farm's web site I find a # for "technical support". So I call asking for a password reset, and the lady asks me the same questions as the auto function for doing this on the web site. I explained why I'm incapable of recalling the answers to the security questions, and was told they couldn't help me without them.
Well what good is their so-called tech support dept then? If they're just monkeys reading scripts, and can only type things into the public web site like I can, then that's not "technical support".
I called technical support for their web site because I was locked out of my account. I'm still locked out of my account, because their technical support couldn't offer any actual technical support!
After that I found a comment/suggestion form, and typed in my contact info and the current problem and gave my background explano, and got:
We are unable to complete your request due to technical difficulty.
Please click on any navigation link at the top or you may return to State Farm homepage.
With an organization this technically inept, I don't even want to risk having an online account with them. Now I want to close it, and just do everything thru my agent (a system that's been working fine for around 20 years now).
p.s. I guess from now on I should alter my behavior slightly and type in and write down strong passwords (and record which question I "chose" (in case a given site ever changes the order of which one appears first/chosen by default in the dropdown)) for these fields.
p.p.s. Another consideration in using these fields as intended is that I don't esp. want to give away to companies (and their partnering companies?) answers to some of these kinda personal questions. If I were devious I would've tried to corner the market on security questions way back and urged web sites to outsource them to me like that Discus or whatever for web comments, and then build dossiers on people and sell to Google and other such bastards who only generally know about us by what we give away in our searches and emails.