The Problem With Secrets

“`Woe` goes there?”

Mi'kail Eli'yah
15 min read · Oct 3, 2021

Humans are a bad source of entropy. — Ursa

14% have a password from the top 10 passwords
40% have a password from the top 100 passwords
79% have a password from the top 500 passwords
91% have a password from the top 1000 passwords

You could be telling too much through your security questions. The questions could also be discovered or guessed by others, and they may point to something else you do not want others to know.

They are also of questionable help, if not harmful. Users may not remember the answer. Answers also tend to change as perspective and perception change, and once a question is no longer relevant, it may fade from memory.

Good defensive security questions are unique and random, not dictionary based. They may not be secretive (and should not be); however, because they aren’t, people will tend to be careless with them. If they are non-dictionary based, they are hard to remember, unless you experienced them the painful way in the past, e.g. do you recall the 20 digits of the lottery you nearly won in the past, but with 1 number misplaced? (Then again, can you really remember that?)

If you are confident of your pass-phrases, are you sure you can remember the lyrics verbatim? Understand that your security…
