!Security questions and answers are exactly the same as passwords. Worse, actually. They provide access to a site when you have lost one (or more) of the other authentication factors such as password or username or e-mail address. And even worse, most people provide truthful answers, so with a bit of doxxing it becomes trivial for a cracker to gain access to a site simply by claiming to have forgotten the password and then supplying well-known answers to trivial questions. Answers to security questions should be long strings of random characters, and never repeated on different sites.