Allow multiple questions

Say you have only one question: "What is your library card number?"

Some users don't have library cards!

Imagine instead you allowed a person, on their account editing page, to select what question they would like to have as a reset question. There would be enough questions so that each person would be able to find a question that is both relevant and secure.

Of course, once they select one question out of a list of several, that question would be the one that they have to answer when they reset their password.

Perhaps an example would be helpful.

Joe Smith registers on Example.com. He has to choose between three possible reset questions-- "What is your library card number?", "What is the first car you ever owned?" and "What is your father's name?" Since he is an orphan and never owned a car, he selects the first question, and enters his card number, "129020421". A few days later he forgets his password, and goes to reset it. He pulls out his library card, types in the right answer-- 129020421-- and the site allows him to choose a new password.

This example is a little simplified, because for real security you might want to ask a TOTAL of three questions, and you might give several choices for each question (so their might be a bank of say, 12 different possible questions and users must select three).