-snip-
You are right, you really should not be using a security question.
If used correctly it can work as a second password. A security question which has an answer that can easily be obtained by social engineering and/or research online is certainly worthless. Examples would be:
What is your mother's maiden name? -> answer: *mother's maiden name*
What is the name of your first pet? -> answer: *name of first pet*
etc.
A good use of the system would be to phrase a meaningless question and put another password as the answer, e.g.:
Want some coffee? -> answer: *WtQjXeWGHSYmJuFEDvzBa2V*
If you store the answer in a secure location you have a fallback login should you ever forget your usual password.
Old thread, I know, but I set up a security question the way you wrote. I entered a strong password as the answer. I thought it might be good to have a higher level of security, though now I wondered if that's the case at all.
Is the secret answer treated the same way as the password? I mean hashed and all? Or did I open a security hole now?
Besides that, I start to ask if I can raise security with it at all. I mean if you have 2 passwords or one doesn't really make a difference when you can use both on their own.
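
The question above asks whether the secret answer is hashed like the password. As an added example (not part of the thread, and not a description of how any particular site works), this is one way a site could store both secrets identically with a salted PBKDF2 hash from Python's standard library. The function names, the iteration count and the sample values are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # PBKDF2 work factor (assumed value for this example)

def make_random_answer(nbytes=18):
    """Random answer in the style of the 'Want some coffee?' example."""
    return secrets.token_urlsafe(nbytes)

def hash_secret(secret, salt=None):
    """Salted PBKDF2-HMAC-SHA256; same routine for password and secret answer."""
    salt = salt if salt is not None else secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify_secret(candidate, salt, digest):
    """Recompute with the stored salt and compare in constant time."""
    _, computed = hash_secret(candidate, salt)
    return hmac.compare_digest(computed, digest)

def create_account(password, answer):
    """Keep only (salt, digest) pairs, never the plaintext of either secret."""
    return {"password": hash_secret(password), "answer": hash_secret(answer)}

def can_log_in(account, password=None, answer=None):
    """Either secret alone is accepted, so the weaker one sets the account's strength."""
    if password is not None and verify_secret(password, *account["password"]):
        return True
    if answer is not None and verify_secret(answer, *account["answer"]):
        return True
    return False

if __name__ == "__main__":
    answer = make_random_answer()  # store this in a password manager
    account = create_account("constructed-sample-password", answer)
    print("random answer accepted:", can_log_in(account, answer=answer))
    print("guessable answer accepted:", can_log_in(account, answer="Rex"))
```

Because `can_log_in` accepts either secret, a random answer stored this way does not add protection beyond the password; it only avoids the answer becoming the weaker of the two.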