Microsoft has taken Windows back into the past, asking you to fill in security questions when you set up your user password in a fresh copy of Windows. I noticed this installing a fresh copy of win10 1809 last week, trying to get an existing copy of win10, with lots of installed software [otherwise I wouldn't bother], working on a new &%$$#*@!!! NVMe M2 drive. And then Firefox -> Pocket had an article from Ars Technica talking about it further -- it's worse than what I knew about.
arstechnica[.]com/information-technology/2018/12/what-was-the-name-of-your-first-exploit-win-10-security-questions-open-backdoor/
Back in, I'd guess the Prodigy days [if you remember that you're old, like me], it seemed like a pretty good idea to have a way that you could prove that you were you when you lost the password to your account, & needed the company to give it to you -- nowadays they reset passwords, because no one besides you should store the actual password, but everyone was more naive back then. Soon enough though there was the web, and the web was where anyone could find the answers to most any security question any company might ask you. And answering those questions correctly let anyone take over your account(s). That was such an obviously bad thing, that I think most of us assumed security questions were pretty much dead by now, until Microsoft resurrected them that is.
So, for the record, and for those who weren't around for the original, popular demise of security questions, or in case it's been so long you forgot, Treat Them & Use Them Like Passwords. Record the question(s) you answered, along with the nonsense &/or cryptic answer you supplied.