Hacker News

>What I do personally is type random things as the answers, and write them down somewhere. But that doesn't improve security, it weakens it. //

It weakens it to the extent of your physical security. But in practice how many crackers are breaking into your flat [aka condo] to find your written-down security responses, unless you're famous - or a target some other way (politician?) - in which case you should have sufficient physical security to protect the written answers.

Having security questions allows users to use hard passwords without the problem of losing an account. It increases the risk of personal attacks, for sure, but I'd warrant the chance of personal attack [i.e. by someone who knows you (or has gone through your bins)] is minimal for most people vs. the chance of an automated online attack.

I think it's right to minimise the online attack surface at the risk of the offline one for most users.



If you're famous, answers to security questions can usually be found in the Wikipedia page about you, so you pretty much have to make them up.



