IBitOBear writes: "It seems that every web site these days wants me to provide answers to "security questions". Most of these questions are not that unique (mother's maiden name), some are unlikely (name of the person I went to prom with), more are just unanswerable (mother's youngest sibling if she's an only child), and some sites are just plain broken (one site recently wanted the city of my birth, but wouldn't allow spaces in the response, and I guarantee that when it comes time to answer I'll forget it was all crammed together just on that site). In terms of practical security this seems like a fad with no substance. When one site did it, it was "clever", but now that they all know my mother's maiden name aren't I _LESS_ secure? It seems like these questions really just serve as second and third password prompts, except that if I answer them honestly the resulting passwords are generally something a bad actor could find out pretty easily. There is typically no "opt-out" of these "added security features" and some sites will let you see your previous answers, so if the cracker gets in there he gets bonus information about you. Aside from inventing a fake personal history for each site, what or where are my options? This _feels_ like the web site equivalent of banning hair-gel from airplanes. I know enough about information theory that I feel more exposed under my new Friendly Security Questions overlords. Anybody see any practical solution aside from going all Luddite?"