Many sites require users to provide answers to "security questions," which are typically used as part of the account recovery process. This talk will explore the nature of these questions and answers, and present problems associated with this practice.