Are you a programmer? Do you want to create a *login* registration form? Do you want it to be good?
Then FUCK SECURITY QUESTIONS, DAMN!
Also fuck those password requirements!
And fuck the whole form, in fact. Use some openAuthID already, such as google, twitter or even freaking facebook, for fucking sake!
Security questions are the *easiest* ways to make a security flaw. Apple learned it the hard way. All you need is gather a little info from your prey. The people who are most likely to get hacked will be easier targets with this bullshit.
Password requirements, such as “at least one number, one capital letter and one non alphanumeric character” are like “security” doors in banks or metal detectors in airports. They are only an annoyance theater. The only requirement you should ever ask is “type in at least 16 characters” but, even that, fuck it. If the person wants to have a weak password, fuck them! If it’s a “poor” old person, fuck them!
Fuck. Tell them to go learn to live a little and quit whining. Close the telephone support doors (Google) or make it long lines (Apple).
You want to alert them? Then ALERT THEM! Do not REQUIRE everyone to do as you please. Make a popup “YOUR PASSWORD IS PROBABLY INSECURE — PLEASE TYPE IN AT LEAST 16 LETTERS” or something.
If you HAVE to make that form, if someone is pointing a gun to your head and telling you “MAKE A FREAKING LOGIN FORM”, then do it properly. It’s not that hard.
But it would be better if right after that, you get a gun back to that someone and say “I WILL NOW USE OPENID, FUCKER”, and delete the whole thing.