I remember being involved in the implementation of security questions, some years back. (Not my choice...)

Lots of talk and "analysis" about "best practices"...

It's just another password. (I'll consider a set of multiple Q/A to still constitute a single pass... mechanism.) One socially engineered to have low entropy and ever-increasing discoverability.

When sites force me to enter security Q/A values, I generate random values and use those. And note them in a local, encrypted store for possible future reference.

The whole security Q/A thing has ended up being a cost-savings-driven, analyst-defined, best-practices boondoggle.

And the idea, in this FB instance, that you have a password that you can never change, and that you were prompted to set to what is probably a fairly discoverable and/or low-entropy value? Facebook needs to rethink this. It needs to get past the customer support level ("it's a feature, trust us") to some serious consideration and re-evaluation/re-architecting.

I'm not outright opposed to a backup access mechanism, when properly defined and used. (Compromised? Be sure to use the backup in some "out of band" fashion.)

But a weak, can't-be-changed "password"? Come on.

P.S. Of course, another approach may be the assumption that all people have / soon will have phones that provide an out-of-band mechanism for two-factor authentication. (Although... given that the same phone is increasingly one's primary access to the FB site itself... maybe this should be rethunk, too?)
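The practice the comment describes (treat each security answer as a random password and keep it in an encrypted local store) as an added example; this is not the commenter's code. It generates alphanumeric answers with `secrets`, reports their entropy so you can compare against a real "mother's maiden name", and seals the store with a passphrase. The stdlib-only cipher here (scrypt-derived keys, HMAC-SHA256 in counter mode, encrypt-then-MAC) is a stand-in chosen so the block runs without third-party packages; a real store should use a password manager or an AEAD such as AES-GCM. Site names and questions are constructed sample input.

```python
import hashlib
import hmac
import json
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols

def random_answer(length: int = 20) -> str:
    """A random alphanumeric 'answer', i.e. just another high-entropy password."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def answer_entropy_bits(length: int, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy of a uniformly random string; compare with ~10-14 bits for a real surname."""
    return length * math.log2(alphabet_size)

def register_site(store: dict, site: str, questions: list, length: int = 20) -> dict:
    """Fill every question for `site` with a fresh random answer and return that site's map."""
    store[site] = {q: random_answer(length) for q in questions}
    return store[site]

def _derive_keys(passphrase: bytes, salt: bytes):
    # scrypt slows brute force on the store passphrase; split output into enc and mac keys.
    master = hashlib.scrypt(passphrase, salt=salt, n=2 ** 14, r=8, p=1, dklen=64)
    return master[:32], master[32:]

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # HMAC-SHA256 as a PRF in counter mode (stdlib stand-in for a block cipher in CTR mode).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def encrypt_store(entries: dict, passphrase: str) -> bytes:
    """salt(16) || nonce(16) || ciphertext || tag(32), encrypt-then-MAC."""
    salt = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    enc_key, mac_key = _derive_keys(passphrase.encode(), salt)
    plaintext = json.dumps(entries, sort_keys=True).encode()
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    tag = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    return salt + nonce + ct + tag

def decrypt_store(blob: bytes, passphrase: str) -> dict:
    """Verify the tag before touching the ciphertext; wrong passphrase or tampering both fail here."""
    if len(blob) < 64:
        raise ValueError("store blob too short")
    salt, nonce, ct, tag = blob[:16], blob[16:32], blob[32:-32], blob[-32:]
    enc_key, mac_key = _derive_keys(passphrase.encode(), salt)
    expected = hmac.new(mac_key, salt + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("store tampered with or wrong passphrase")
    pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, nonce, len(ct))))
    return json.loads(pt.decode())

if __name__ == "__main__":
    store = {}
    register_site(store, "example.com", ["Mother's maiden name?", "First pet?"])  # constructed
    blob = encrypt_store(store, "long local passphrase")
    print(f"{answer_entropy_bits(20):.1f} bits per answer; sealed store is {len(blob)} bytes")
    print(decrypt_store(blob, "long local passphrase")["example.com"])
```

The answers are deliberately not memorable: the only thing that should be able to reproduce them is the encrypted store, which is the point of treating them as passwords rather than facts.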