Where I live we have all been told time and time again never to use part or all of our dates of birth or those of family members, numbers that could bring our telephone number, car registration or house number to mind, own or mother's maiden names.
make up something and write it down in a notebook you keep in a secure place.
Microsoft and Apple have been very guilty of suggesting we use the first address we lived at, or something else that could be verified quite easily, which is asking for trouble.
I was asked the security question of my mother's family name, and I told them. They replied 'No it isn't'. I promised them it was. I then had to think of a name that was one letter different from mum's 8 letter name. Bingo!
Have you experienced being asked to provide, or confirm, a so-called security question over the telephone "to prove that it is you" where there is little or no security in the information?
For example, mother's maiden name.
For some people that might be quite secure if, for example, the person lives away from where they grew up or if their parents had moved house after they were married.
But if someone grew up in a rural area and their mother was a local girl and had a brother who had a son, then it is well-known what their mother's maiden name was.
Or two cousins whose mothers are sisters.
Or, "for security", your date of birth.
I once had a credit card where they wrote to me that they had a new facility where I could find out my balance by telephoning [number] and then keying a four digit .security number that (supposedly) "only you will know", namely the last two digits of your year of birth and the last two digits of your home telephone number.
The real problem with this is that if something goes wrong then the organisation is quite likely to seek a defence of saying that they asked security questions and they were answered correctly and so they "had to assume" that the caller was genuine.
I was asked for mother's maiden name when I got a debit card, "for security". I declined and said I would use a password instead, and that was accepted.
Years later, I was asked for two letters of my security password and the asker (I had rung them) said "it may be your mother's maiden name". I stated the two letters but did mention that it was not in fact my mother's maiden name but a password.