"A security question is used as an authenticator by banks, cable companies and wireless providers as an extra security layer. They are a form of shared secret. Financial institutions have used questions to authenticate customers since at least the 1980s. For example, a credit card provider could request a customer's mother's maiden name before issuing a replacement for a lost card. However, beginning in mid-2006, the questions have become ubiquitous online. As a form of self-service password reset, security questions have reduced information technology help desk costs. Seventy to eighty percent of American banks use RSA Security's "Adaptive Authentication program," including Bank of America, Wachovia, ING, Washington Mutual, and Vanguard. RSA estimates that ninety percent of banks are using security questions. The best answers are simple, memorable, can't be guessed easily, and don't change over time. Understanding that not every question will work for everyone, RSA gives banks 150 questions to choose from." Source and further information: http://en.wikipedia.org/wiki/Security_question Further information: - "Designing Good Security Questions": http://www.goodsecurityquestions.com/designing.htm