Security question and answer.

[akwala]

In order to change my security question and answer, I did the following in the Account Related Settings form under Modify Profile:

• entered a security question and answer;
• entered my password and OTP (next to the "Change profile" button);
• clicked the "Change profile" button.

This resulted in the form getting re-rendered without any error, but with the following message in red, next to the security answer field:

You have a secret question set. This is not recommended.

The security question I had entered appeared in its field.

How can I change my security question and answer?

[retaur]

The old security question or the new one you tried to set?

Security questions aren't recommended because the common ones are either guessable or searchable (especially if you've multiple accounts with the same email, password and security question or someone that sends you a "questionnaire" that asks for information that could be the answer to your security question).

[Xal0lex]

PSA: ACCOUNTS WILL BE LOCKED IF THE SECRET QUESTION IS USED TO RECOVER IT

[JeromeTash]

Why would you opt for a security question when there is a much better option to secure your account via OTP.
"Security question" was an old account recovery method which is no longer in use. After the introduction of OTP a few years back, it's better you set it up to increase your account security

[SeriouslyGiveaway]

In order to change my security question and answer, I did the following in the Account Related Settings form under Modify Profile:

• entered my password and OTP (next to the "Change profile" button);

Something you must know about OTP for your account security.
2FA added by theymos from a SMF patch programmed by PowerGlove.
A concise 2FA/TOTP implementation (SMF patch)

There is a note from theymos on 2FA.

If you use the forgotten-password function, then there's an option to remove the 2FA. So 2FA does not provide any protection in case of a compromised email. Make sure that your email address is secure. If you don't want to set an email address, use something like yourUserName@invalid.bitcointalk.org; don't use a random nonsense email like y@x.com, since somebody might create that domain/email.

[KingsDen]

Why would you opt for a security question when there is a much better option to secure your account via OTP.
"Security question" was an old account recovery method which is no longer in use. After the introduction of OTP a few years back, it's better you set it up to increase your account security

I think theymos should remove the option of security question now that there is 2fa verification. I see that the only function security question is solving now is; if you want to self-destroy your account.
When I was new, I set it but then when I saw that it wasn't recommended, I removed it. I fear that it shouldn't trigger one day and become a problem to me.

Op, as advised by others, consider leaving the secret question alone if you don't want plenty drama with the admin concerning account recovery in the future.