Re: @Charles 9
@DougS - I know there is an invisible line in the sand, but we shouldn't confuse hackers who want the best return for the least outlay, hence grab password file and run a dictionary against it, and those who have intent upon you as an individual.
I accept with large public databases such as Facebook more personal information is available to the hackers, but I do think we need firstly to worry about the hackers. If someone is prepared to undertake the level of research you're intimating then you have bigger problems that super secure passwords won't make go away.
However, I totally agree with you and Smody's comment, we shouldn't treat these questions as requiring honest answers, they simply need answers that we know and that can be used to demonstrate we are the rightful user of the account associated with them. Because of this, these details also need to be securely stored and not easily retrieved - even if I have the correct username and password.
Biting the hand that feeds IT
