Hacker News

One thing that continuously strikes me is Apple's ability to invest a great level of detail when they want to.

Take the FileVault recovery key, for example.

For something as crucial as file encryption, not only do they offer you a quick solution but a practical and more "human usable" one: they offer to store it for you.

And then they go the extra mile with those security questions! http://static.arstechnica.net/2011/07/04/lion/file-vault-app...

Remember how typical security questions are "What was your mother's maiden name" or the name of your pet? Typically those questions are very unsafe, since the answers are easy to find out in an innocent conversation.

Compare that to questions like childhood phone number, first teacher in school etc. - they are considerably "safer".




Childhood phone numbers - if your parents still live in your childhood home and haven't changed phone number (not that unusual) then it's just their phone number.

First teacher - actually I can't remember mine (I was only there for a single term) but, again, I know enough people who have contacts they've had since very early school days, so will share that answer.

Honestly, I'm yet to come across a 'security' question of that type that is memorable to the user but couldn't be identified by someone else for at least a significant percentage of users. I'm not at all sure there are 'safe' questions of this sort.


We spent some time working on this for the security survey at SocialSci during signup -- since we don't associate your email with your account, it's the only way for our participants to recover their password.

We did a lot of research and came up with a list of 20 security questions, tiered by quality and applicability. We present users the questions, and allow them to skip to a more desirable one.

Some highlights: Who taught you how to drive? How do you like your eggs prepared? What was your first brand of cell phone? (a cell phone is required to have gotten this far) How quickly after you were eligible did you get your drivers license? What time of day were you born? What is the name of the place your wedding reception was held?

Many of these questions are multiple choice, not fill-in-the-blank. We found that users are far more likely to recall what they would've chosen from the available choices vs what arbitrary text they entered into a field.

There are limits on recovery attempts, and limits on how much we tell you about what/how many you got wrong.

We require you to fill out 5 of these.
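The verification side of the scheme this comment describes, written out as an added Python example (it is not SocialSci's code and assumes nothing about their stack): answers are normalised, salted and hashed with a slow KDF, every answer is checked even after a mismatch, attempts are capped, and the caller only ever learns pass, fail or locked, never which answers were wrong. The enrolled questions and answers are constructed for the demo; the attempt cap, the iteration count and the normalisation rules are assumptions.

```python
# Added example (not SocialSci's code): store and check security-question
# answers with an attempt cap and no feedback about which answers were wrong.
import hashlib
import hmac
import os
import unicodedata

# Work factor for PBKDF2-HMAC-SHA256 (assumed value, kept modest so the demo
# runs quickly). Production code should use a memory-hard KDF such as argon2id
# or scrypt, because answers like "Dad" have very little entropy to begin with.
ITERATIONS = 50_000
MAX_ATTEMPTS = 3  # assumed cap before recovery is locked for this account


def normalize(answer: str) -> str:
    """Canonicalise an answer so 'Dad ', 'dad' and 'DAD' all compare equal.

    Normalising before hashing helps genuine users, but it also shrinks the
    answer space slightly, so keep the rules minimal.
    """
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split())


def hash_answer(answer: str, salt: bytes) -> bytes:
    """Salted slow hash of the normalised answer."""
    return hashlib.pbkdf2_hmac(
        "sha256", normalize(answer).encode("utf-8"), salt, ITERATIONS
    )


class RecoveryChallenge:
    """One user's enrolled questions plus the state needed to rate-limit recovery."""

    def __init__(self, questions_and_answers):
        self.questions = [q for q, _ in questions_and_answers]
        # A random per-answer salt, so identical answers ("Dad") hash
        # differently across questions and users and precomputed tables are useless.
        self.records = []
        for _, answer in questions_and_answers:
            salt = os.urandom(16)
            self.records.append((salt, hash_answer(answer, salt)))
        self.failed_attempts = 0

    def verify(self, answers) -> str:
        """Return 'ok', 'fail' or 'locked'. Never reveals how many answers matched."""
        if self.failed_attempts >= MAX_ATTEMPTS:
            return "locked"
        if len(answers) != len(self.records):
            self.failed_attempts += 1
            return "fail"
        # Check every answer even after a mismatch: stopping at the first wrong
        # one would let an attacker use response time to learn which it was.
        all_ok = True
        for (salt, expected), given in zip(self.records, answers):
            if not hmac.compare_digest(hash_answer(given, salt), expected):
                all_ok = False
        if all_ok:
            self.failed_attempts = 0
            return "ok"
        self.failed_attempts += 1
        return "fail"


# Constructed enrolment data for the demo (not real user data); the questions
# are the ones quoted in the comment above.
ENROLLED = [
    ("Who taught you how to drive?", "Dad"),
    ("How do you like your eggs prepared?", "scrambled"),
    ("What was your first brand of cell phone?", "Nokia"),
    ("What time of day were you born?", "morning"),
    ("What is the name of the place your wedding reception was held?", "Smith Hall"),
]


def demo():
    """Walk one account through recovery; returns the sequence of verify() results."""
    challenge = RecoveryChallenge(ENROLLED)
    correct = [a for _, a in ENROLLED]
    one_wrong = ["Mom"] + correct[1:]
    return [
        # Different case and spacing still match thanks to normalisation.
        challenge.verify(["DAD ", "Scrambled", "nokia", "MORNING", "smith  hall"]),
        challenge.verify(one_wrong),  # "fail", not "4 of 5 correct"
        challenge.verify(one_wrong),
        challenge.verify(one_wrong),
        challenge.verify(correct),  # third failure locked the account
    ]


if __name__ == "__main__":
    print(demo())
```

The lockout here is per account and purely in memory; a real deployment would persist the counter, expire it, and alert on lockouts, since an attacker who can keep guessing "Dad" against the first question at no cost has little reason to stop.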


"Who taught you how to drive?"

So that's 60% of your users with the security answer: "Dad"


The best solution I've found: I lie on all my security questions.

Give your father's middle name instead of your mother's maiden name, or something. As long as you're consistent in your lies, it's not hard to keep track of.


This is not super secure, but in a lot of situations I just use a rule like "third character of first word + second character of third word + first character of fourth word", and so on. You end up with gibberish most of the time, but at least you're not going to let it slip in conversation (and as long as you remember the rule and don't pass that around, you're hopefully okay).


My strategy is to pad the real answer with the same two words for each question. For example, "purple 12345 banana", "purple Smith banana", etc. Not perfect, but it should defeat even the best would-be guessers.
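The two answer-derivation tricks described in the last two comments (the positional character rule and the fixed-word padding), as an added Python example that is not either commenter's code. The rule positions and the pad words "purple" and "banana" are taken from the comments; the fallback from the character rule to padding when an answer is too short is my own addition, since a one-word answer such as "Dad" has no third or fourth word to draw from.

```python
# Added example, not from either commenter: the two user-side strategies above
# as code, so the edge cases become visible.
from typing import Optional

# (word number, character number), both 1-based, exactly as the comment phrases
# it: "third character of first word + second character of third word + first
# character of fourth word".
CHAR_RULE = [(1, 3), (3, 2), (4, 1)]
PAD_BEFORE, PAD_AFTER = "purple", "banana"  # the pad words from the comment


def apply_char_rule(real_answer: str, rule=CHAR_RULE) -> Optional[str]:
    """Build the gibberish answer, or None if the real answer is too short for the rule."""
    words = real_answer.split()
    out = []
    for word_no, char_no in rule:
        # Edge case the comment glosses over: "Dad" has one word, "my first
        # cell phone" has a two-letter first word, so the rule does not apply.
        if word_no > len(words) or char_no > len(words[word_no - 1]):
            return None
        out.append(words[word_no - 1][char_no - 1])
    return "".join(out)


def pad_answer(real_answer: str, before=PAD_BEFORE, after=PAD_AFTER) -> str:
    """The padding strategy: the real answer survives, wrapped in fixed secret words."""
    return f"{before} {real_answer.strip()} {after}"


def derive(real_answer: str) -> str:
    """Use the character rule where it fits and fall back to padding otherwise
    (the fallback is an assumption of this example, not part of either comment),
    so short answers still get some secret material added.
    """
    return apply_char_rule(real_answer) or pad_answer(real_answer)


if __name__ == "__main__":
    for answer in ["the quick brown fox jumps", "Dad", "Smith"]:
        print(repr(answer), "->", repr(derive(answer)))
```

Whichever variant you use, the derived answer is only as secret as the rule or the pad words: anyone who sees one padded answer in a breach dump learns the pad for every other site, so these deserve the same handling as a password.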


Or just put "forty two" in all the answers!


Being picky about the childhood phone number: does anyone even remember that? Since I got the iPhone I can only memorise something like three or four phone numbers.


It's pretty much the only phone number I can remember.


I wonder if there's an age difference thing here. I'm unusual for my early twenties (AFAICT) in that I have several numbers in my head (including most of my college phone numbers, original home phone number, etc). Most of my friends are helpless without their cell.


Interesting: at 65, I only remember my childhood phone #, my current cell # (which I had for a couple years before I memorized it), and a previous landline which I use at the grocery instead of their club card.


No I really don't think it's an age thing; I think it's more likely a thing you're born with. I have no idea what my phone number is, have serious difficulties remembering even my postal code or house number. In the meantime, my girlfriend (who's my age) easily remembers the IP addresses of my servers.


Yes, but it's also still my parents' phone number. I know it better than my social security number.


Well, maybe that point just got me all excited because I had to work on exactly that dilemma of bad security questions a few years ago for a big identity management installation, and we ended up with exactly that kind of slightly more personal/specific question: who was your first manager, lyrics to your favorite song, most significant politician...

In my case, being European and having only moved from my parents' house once in my life so far - yes, I do remember my (old) home phone number better than the one my mom switched to now.

Either way, it is a surprisingly difficult topic and very dependent on the organization and people.


I really love that type of research, and I guess I got myself all excited as well and forgot to say that one of the numbers I do remember is the childhood phone number, but only because it still is the same!



