I completely and utterly loathe the security question-answer system. Has there been any study into how effective they are at improving security compared to, say, being forgotten and causing a complete annoyance? I've been unable to get access to fairly important accounts because I couldn't remember which answer I gave to a generic security question 4 years ago; I know full well that I gave a perfectly correct answer at the time, I just have no idea what it was.