It is Time For App Security Questions To Die
One of the worst, most annoying, and inept security practices to evolve in online applications over the years is the process of security questions and answers for logging in and/or password & account recovery. They’re annoying, vague and restricted, and they absolutely must die, die, die!
So let’s take a few minutes to examine what’s wrong with security questions.
They Aren’t Secure
Even if you’re certain of what the answers are, you still have to record the answer somewhere. And that makes them insecure. Why do you have to record them? Because in most instances, your answer must exactly match, character for character, what you originally entered.