It's time to stop asking users for periodic password changes

Maybe (most?) websites don’t do this anymore, but the problem with this is that some websites, instead of asking a challenge question, would give multiple choice, for example:

In which city were you born?
A. Boston
B. Lefthand paperback
C. Tuscaloosa
D. North Haverbrook

Then it’s pretty easy to guess.

I’ve found that they also do this where they want you to verify some part of your credit history, where one of the choices for previous address is something improbable, e.g. “14997 Macadamia Evergreen” and an intruder knows they can probably rule out that choice.
