Why u no work?
But why don't security questions work? Firstly, nobody's sure how they work with the specific service. Will somebody be able to reset my password by answering them right? Or will I be required to answer them after I log in to the system with my username and password? Or will they be used just in case I need to prove my identity on the telephone? Who knows… (and don't bother explaining)
Then the next problem happens. When I'm asked to answer security questions such as "Your first girlfriend's name", "Mother's maiden name", "Favorite holiday spot" or "Your pet's name", I can think of plenty of people who might know such things, and I don't know what these monsters could do with the answers (see above). Sure, these are mostly people I trust, but lately, quite a few answers to questions like these can be found elsewhere, e.g. on Facebook. How can I be sure my mother has the correct privacy settings? Or that my pet won't appear tagged in someone else's picture? Is that a risk I'm willing to take?
Time to drop
Bottom line: I tend to be creative or lie when I'm answering security questions, and I'm sure I'm not the only one who does it. Lies and creativity are easily forgotten, so I end up not knowing the right answer when the time comes. Face it, you cannot make a generic query that only I will be able to answer, and that's where the story ends. So please, stop using security questions; they don't work! Think of something else.
DISCLAIMER: Please note I'm not trying to persuade anybody to lower their security standards, but the fact is, people are emailing passwords to each other.