“Security Questions”

From the OWASP Development Guide:

Applications MUST NOT implement questions and answers as they are contrary to most privacy regimes and ineffective.

http://code.google.com/p/owasp-development-guide/wiki/WebAppSecDesignGuide_D2

Personal note: web apps that allow you to bypass password authentication via security question/answer drive me batty. I have half a mind to start contacting the webmasters to show them the above.

Aleksey