I HATE Security Questions
There are tons of good reasons why so-called "security question" are terrible. As long ago as 2005, Bruce Schneier, for example, wrote about what a stupid idea they are. I've resisted setting them as much as I can, but sometimes the dumb site just won't let you get by without setting them. Ironically, they say the questions make my account MORE secure. But if my password is "8ycAMKin34pNL253" and my high school mascot was a "hornet," which is easier to guess? If a would-be impersonator wants to hijack my account and they don't know my password, they can just stroll over to Facebook and try to figure it out from either my own profile, or one of my friends' profiles. Figure out which of my friends went to high school with me, and bang, you've got it. Figure out that I went to high school in Virginia Beach (by reading my blog, for example) at a time when there were about 12 high schools, and you've only got 12 things to try. That's stupid. That's the weakest link to taking over my account, not my very secure password.