Old 10-03-2009, 09:20 AM  
Libertine
sex dwarf
 
 
Join Date: May 2002
Posts: 17,860
The real problem is that those security questions tend to open up your accounts to social engineering and inside attacks.

When you're targeting random people, they're useless, but when you're targeting a specific person (e.g. a celeb, someone you want to scam, etc), they make it lots easier.

For example, let's say you're trying to get the PayPal account of a specific person. You know their email address, have tried to get the password, and have found out what the security question for that email address is.

You can give the person a call and come up with a story like "I'm doing genealogical research at the moment, and it seems you might be related to historical figure X. Your mother's maiden name was XYZ, right?". The answer will often be "No, it was XXX", giving you the answer you needed.

Or, if it's someone you actually know, it's even easier. You wouldn't tell people you know your passwords, but you would tell them random, seemingly unimportant trivia if those came up in conversation.
__________________
/(bb|[^b]{2})/