The title of this post is still one of the most common question asked by banks and credit card companies while you get telephone support.
Bruce Schneier writes about the curse of the secret question. I thought I was the only one that typed in junk to these questions when prompted. Of course the paradox of this is succintly pointed out by the author..
The result is the normal security protocol (passwords) falls back to a
much less secure protocol (secret questions). And the security of the
entire system suffers.
…So all of the good work done by many sites in terms of password quality (minimum length, alpha numeric combo, etc) is knackered by the details requested by such secret questions and eloquently mapped by family details, hobbies and personal characteristics.