The risk of a simple answer to a security question



When we create a new account on a network application, we usually find a field for a security question.
The security question is used to reset the password if we have forgotten it, but when the answer is simple, anyone can use it as a way to own our account.

For example:
Vince causes a problem with Andre, and Andre dislikes Vince because she has not apologized for it. So Andre makes a plan to own all of Vince's accounts.
Andre knows that Vince has an account on a social networking site, so he creates a fake account there under the name Anton and tries to get close to Vince without Vince knowing that Anton is Andre (a social engineering technique).
After a while, Vince believes that Anton is real.
Then Andre tries to own Vince's mail, because he thinks there is more private information and some private mail in Vince's inbox. The simple way Andre knows is to reset the password using the security question on Vince's account.

Now Andre goes to the mail server where Vince has an account. He opens the forgot-password feature on that site, chooses the security question mode and tries to answer the question.
An example question is: Where was your father born?
If Andre doesn't know the answer, he can ask Vince directly through Anton's account. One way is:
Anton : Where are you from, Vince?
Vince : Tokyo
Anton : Is your father from there too?
Vince : No, my father was born in Yokohama.