Hopefully the idiots who call themselves security experts will stop making me answer "what's my mother's maiden name".
If they really want to make it safe, one easy option would be to make the question arbitrary. Of course then average people will have no idea what to put it there.
Of course, don't put "What is Love?" with the trivial answer...
> Hopefully the idiots who call themselves security experts will stop making me answer "what's my mother's maiden name".
This is done by developers, not security experts. If security experts had their way, it would be equally bad but for the right reasons, ie client-side certificates or smart cards.
Calling them idiots is also wrong. Its a bad solution to a hard problem, but it works and scales and users have been trained to expect it.
Hopefully the idiots who call themselves security experts will stop making me answer "what's my mother's maiden name".
If they really want to make it safe, one easy option would be to make the question arbitrary. Of course then average people will have no idea what to put it there.
Of course, don't put "What is Love?" with the trivial answer...