
> Knowledge-based authentication (KBA) is out.

All the rules are great, but this one might be my favorite. Every time I faced a list of KBAs I felt like I was trapped in UCB's comedy sketch:

https://www.youtube.com/watch?v=tMEjpXJZgIA

(If a common security device is bad enough for a comedy troupe to have a bit on it, maybe it could use some work.)

The worst KBAs I've seen are for United's frequent flyer program. Almost every question is of the form "What is your favorite X?" X includes items like "vegetable" or "summer sport." Maybe most people have strong opinions about the superiority of broccoli and tubing, but I was always just scratching my head. (The questions were mandatory and you could not write your own.)




Yes, my mother's maiden name is Een3oquu+P_a9oez0queiPhaeChaijoh, why do you ask?

Ironically, you usually can enter a string as an answer to those questions that is more secure than the allowed password.


You'd think. United gives you a drop down with around ten common answers to choose from.

If you happen to have a favorite vegetable, but it's, say, the daikon, you're out of luck.
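The two comments above make a quantitative claim worth checking: a free-text answer filled with random characters can carry more entropy than the site's password, while a drop-down of ten stock answers carries almost none. The following is an added example, not code from the thread or from any airline; the question count, drop-down size, lockout threshold and password rules are assumed illustrative values, and the answer alphabet assumes the form accepts those characters.

```python
import math
import secrets
import string

# Alphabet for generated answers. Assumption: the site accepts letters,
# digits and these three symbols in a security-question field.
ANSWER_ALPHABET = string.ascii_letters + string.digits + "+_-"


def kba_dropdown_entropy_bits(questions: int, choices: int) -> float:
    """Guessing entropy (bits) of a KBA scheme with `questions` questions,
    each answered from a drop-down of `choices` fixed options."""
    return questions * math.log2(choices)


def random_string_entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy (bits) of a uniformly random string of `length` symbols
    drawn from an alphabet of `alphabet_size` symbols."""
    return length * math.log2(alphabet_size)


def guess_probability(questions: int, choices: int, attempts: int) -> float:
    """Probability that an attacker who gets `attempts` tries before lockout
    answers every drop-down question correctly by blind guessing. Assumes
    answers are independent and uniformly distributed, which flatters the
    scheme: real users pick the popular options far more often."""
    return attempts / (choices ** questions)


def random_answer(length: int = 32) -> str:
    """Generate a random 'answer' from the OS CSPRNG, the way the quoted
    maiden-name string was produced. Store it in a password manager next to
    the question text; it is effectively a second password."""
    return "".join(secrets.choice(ANSWER_ALPHABET) for _ in range(length))


def compare_schemes() -> dict:
    """Illustrative comparison (assumed parameters): three drop-down KBA
    questions with ten options each, versus an 8-character alphanumeric
    password, versus a 32-character random free-text answer."""
    return {
        "dropdown_kba_bits": kba_dropdown_entropy_bits(questions=3, choices=10),
        "password_8_alnum_bits": random_string_entropy_bits(8, 62),
        "random_answer_32_bits": random_string_entropy_bits(32, len(ANSWER_ALPHABET)),
        # Five tries per account before lockout against the drop-down scheme.
        "dropdown_takeover_prob_5_tries": guess_probability(3, 10, 5),
    }


if __name__ == "__main__":
    for name, value in compare_schemes().items():
        print(f"{name}: {value:.4g}")
    print("example generated answer:", random_answer())
```

The numbers make the thread's point concrete: three ten-option drop-downs give just under 10 bits, so an attacker allowed five attempts per account takes over roughly one account in two hundred by guessing alone, and that is before accounting for how predictable "favorite vegetable" actually is across a population. A 32-character random answer, by contrast, exceeds most password policies, which is why it belongs in a password manager rather than in memory.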


And then you call phone support and they ask you for it.


I actually had this happen once. The conversation went something like this:

Them: "I need to ask you a few security questions. What's your mother's, uh... mother's maiden name?"

Me: "Oh yes, I put a bunch of random letters and numbers there, let me pull that up for you... A Q 1 #..."

T: "... That's okay thanks. Next question: what street did you grow up on?"

M: "Same deal there?"

T: "Yeah, we're done."

I got the feeling the support agent had never seen someone do this before and thought I was crazy.


"I just entered a string of random characters."

"That is correct. Thank you."


mentally: "I knew he was the kind of guy who would do that."

"Go ahead and transfer all of the billing information to this address and change the email to [email protected]. Thanks."

CSR: "Sure, I'm happy to be of help."


Amazing how we don't allow support to know the password, but the security question answers that allow access - that's fine!

If I had to break into an account, I'd choose one that used recovery questions. That's far easier than cracking a password.



