Personal questions for authentication, a misguided approach

The federal government might want to read the advice from Stuart Schechter et al. published in the IEEE Symposium on Security and Privacy about why to avoid "Golden Questions."

A screenshot of the E-QIP website.