He described the signature cards used in opening new accounts, which had spaces for the customer's birthplace, "residence," mother's maiden name, occupation and age.
[1] By allowing the use of security questions online, they are rendered vulnerable to keystroke logging and brute-force guessing attacks,[3] as well as phishing.
[4] In addition, whereas a human customer service representative may be able to cope with inexact security answers appropriately, computers are less adept.
Therefore, a security question should not be shared with anyone else, or include any information readily available on social media websites, while remaining simple, memorable, difficult to guess, and constant over time.
[5][6][7] Security specialist Bruce Schneier points out that since they are public facts about a person, they are easier to guess for hackers than passwords.