Why I hate "security questions"

Sarah Palin's Yahoo! Mail account was hacked -- by someone who knew basic facts about her and used Yahoo!'s "forgot my password" feature to set a new password.
Details of this week's break-in, if authentic, were consistent with speculation by computer security experts who said Yahoo's "forgot-my-password" service almost certainly was exploited. The mechanism allows customers to retrieve or change their password if they can verify their identity by confirming personal information such as birthdate, zip code and the answer to a "secret question," such as a childhood pet's name or school mascot.
Palin's hacker was challenged to guess where Alaska's governor met her husband, Todd. Palin herself recounted in her speech at the Republican National Convention that the pair began dating two decades ago in high school in Wasilla, a town near Anchorage.
"I found out later though (sic) more research that they met at high school, so I did variations of that, high, high school, eventually hit on 'Wasilla high'," the person wrote.

These questions are usually less secure than the password itself. For example, mother's maiden name or where you met your spouse? How many people know that, or could easily find out? Usually there are only three questions. It's pathetic how easy the answers would be to guess or root out for most people.