Worse is Better

Coda Hale shows that sometimes performance needs to be sacrificed for security. Premature optimisation is the root of evil :p

The Secret Question System is insecure

Seeing that this is so obvious and easily breakable, I'm surprised sites continue to use the secret question to recover your password. The problem is not so much in the system as in the questions chosen. A really secret question would be one whose answer is known to you and only to you. But usually secret questions involve your mother's maiden name, your pet or your childhood hero. To anyone who has known you for long enough, or who has read your profile on one of the social networking sites you belong to, these are easily answered.
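The two posts above meet in one place: if a site insists on keeping a secret question, the answer is a low-entropy credential and should at least be stored and checked the way Coda Hale argues passwords should be, with a deliberately slow hash plus a cap on guesses. The following is an added example, not code from this page or from Coda Hale's article; it uses PBKDF2 from Python's standard library (the page names no specific hash), and the iteration count, attempt limit and function names are assumptions. It blunts online guessing by strangers, but it does nothing about the core point made above: someone who already knows your mother's maiden name does not need to guess.

```python
import hashlib
import hmac
import os
import time
import unicodedata
from typing import Optional

# Deliberately expensive: each check costs tens of milliseconds, so an
# attacker who steals the store cannot try millions of surnames per second.
# (Assumed value; tune to the hardware in use.)
PBKDF2_ITERATIONS = 100_000
# Online guessing cap for a low-entropy answer (assumed value).
MAX_ATTEMPTS = 5


def normalise_answer(answer: str) -> str:
    """Fold case, strip accents and whitespace so 'Smith ' and 'smith' match.

    Secret answers are typed from memory years later, so a verifier that
    rejects 'smith' for 'Smith' only trains users to pick trivial answers.
    """
    decomposed = unicodedata.normalize("NFKD", answer).casefold()
    return "".join(
        ch for ch in decomposed
        if not unicodedata.combining(ch) and not ch.isspace()
    )


def _derive(answer: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac(
        "sha256", normalise_answer(answer).encode("utf-8"), salt, PBKDF2_ITERATIONS
    )


def enrol_answer(answer: str, salt: Optional[bytes] = None) -> dict:
    """Store only salt + slow hash, never the plaintext answer."""
    salt = salt if salt is not None else os.urandom(16)
    return {"salt": salt, "hash": _derive(answer, salt), "attempts": 0}


def verify_answer(record: dict, candidate: str) -> bool:
    """Constant-time compare, with lockout once MAX_ATTEMPTS failures accrue."""
    if record["attempts"] >= MAX_ATTEMPTS:
        return False  # locked; a human recovery path is needed from here
    record["attempts"] += 1
    ok = hmac.compare_digest(_derive(candidate, record["salt"]), record["hash"])
    if ok:
        record["attempts"] = 0
    return ok


def seconds_per_check() -> float:
    """Measure the cost of one verification, the 'performance' being spent."""
    record = enrol_answer("Smith")
    start = time.perf_counter()
    verify_answer(record, "Smith")
    return time.perf_counter() - start


if __name__ == "__main__":
    rec = enrol_answer("Müller")
    print("accepts 'muller':", verify_answer(rec, "muller"))
    print("rejects 'schmidt':", verify_answer(rec, "schmidt"))
    print(f"one check costs about {seconds_per_check():.3f}s")
```

The attempt counter lives in the record here only to keep the example self-contained; in a real deployment it belongs in persistent storage keyed to the account, otherwise a restart resets the lockout.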