Aside from these questions’ vulnerability to a little research (to say nothing of nosy parents or malicious exes), none of them are relevant to all adults. How many of us can answer the premillennial “What city were you in to celebrate the year 2000?” or “What year did you take out your first mortgage?” And how many Indian- or Brazilian-born users went to a high school without a mascot, or grew up on a street with no name? How many of our mothers never changed their names?

The other main type of security question asks for a subjective answer. Such questions imagine lives punctuated by distinct firsts and bests and filled with enduring favorites, but favorites and bests and even firsts can change when people maintain accounts for decades. At some point, both factual and subjective security questions become archaeological. “In what month did you meet your significant other?” requires a framing question: Whom were you with when you set up this account?

A 2015 study by Google engineers found that only 47 percent of people could remember what they put down as their favorite food a year earlier — and that hackers were able to guess the food nearly 20 percent of the time, with Americans’ most common answer being pizza. (Google has been phasing out security questions in recent years.) Even when people remember their answers, they sometimes forget their precise form. This hazard has prompted some websites to offer a fixed set of answers. To “What is your favorite type of reading?” United Airlines offers a pull-down menu with 19 options, including blogs, cookbooks, professional development and self-help, but nothing like literary fiction (the death of the novel?).

As long as security questions are going to be used, professional consensus holds, they should have many possible answers, and each of those possible answers should be simple, stable, memorable and not easily researched or guessed. But questions that are sufficiently general to apply to most people almost never fulfill these requirements: “What is your favorite season?” “What is your favorite fabric?” “Who is your favorite person in history?”

Even exceptions that look good at first fall short. “What is the last name of the teacher who gave you your first failing grade?” includes an assumption about academic records; strangely, it appears on the LSAT registration website, whose users’ transcripts are likely to be too unblemished to furnish an answer. “What was the name of the boy/girl you had your second kiss with?” is impossible in its Proustian hyperspecificity. Then there’s the State Bank of India’s vertiginous “What is the website that you rarely visit?” which reads like a Zen koan whose purpose is to make you reflect on the unknowability of the answer.

What would a truly powerful security question be? The ideal is a science-fiction scenario where your future self calls your past self, and your past self asks your future self to prove it’s you. When given the chance to write their own questions, though, most people choose not an intimate secret but something more like “1+1=?”