The ease with which a student was able to reset Sarah Palin’s Yahoo email password highlights a vulnerability of so-called “challenge questions” designed to verify your identity: if the questions are about personal details from your life, there’s a risk that somewhere out there on the web, that info is visible to the public. That might be a realistic risk only for public figures, but it’s also possible that friends or family members could answer your questions with a little guesswork. If you want better security, make up fake answers that you’ll remember.
Online 'Security Questions' Can Be Too Easy To Crack
By September 19, 2008