A few security-conscious web sites allows users to write their own security questions, and web developers are occasionally asked to provide a few questions for their sites. Lifehacker reader James provides some perspective on what really makes a question secure.
The problem with most stock security questions, as former VP-hopeful Sarah Palin learned, is that they can be found out by digging through public records, social profiles, and a little deep Google work. What makes a security question a good one? James offers some good insight:
A good security question will have the following characteristics: 1. Easy to remember, even 5 or 10 yrs from now 2. At least thousands of possible answers 3. Not a question you would answer on Facebook, Myspace, in a "Fun Questions to Ask" survey, or in a article or interview 4. Simple one or two word answer 5. Never changes
Hit the link for security question examples that meet this criteria. For more on security, check out our guide to how to choose and remember secure passwords.
How to pick a REALLY good security question [iamjames]