I don’t know, but I could probably find out.
There is an increasing amount of discussion within the information security industry about whether the use of “security questions” to unlock forgotten passwords is a sound practice. Many web sites ask users to answer personal questions upon registration, so that those questions and answers can be used in the future to authenticate users when they have forgotten their passwords. The problem is twofold:
(1) The answers to many of these questions can be relatively easily guessed by an unauthorized individual to gain access to the account.
(2) In many cases, the authorized user forgets the answer to the question when it is needed later to access the account.
A recent study conducted by researchers at Microsoft and Carnegie Mellon University (“It’s no secret: Measuring the security and reliability of authentication via ‘secret’ questions”) found that 17% of users’ security answers were guessed correctly by mere acquaintances, and 20% of the study participants forgot their answers within six months.