I just got this line when I created (five) security questions with my broker.
It's a blatant lie. It's no more secure than it was before. In fact, these questions often provide a false sense of security and actually weaken the system as a whole. In many implementations they provide a means of short-circuiting the normal "hard" authentication system by asking questions whose answers can be found by easier, public means.
It is not a means of two-factor authentication as many financial institutions claim--instead they function as additional (or worse, alternative) passwords. An actual second method of authentication would be similar to what banks in Europe use, where they provide a credit-card-sized plastic card that has one-time-use codes. This requires the user to both know the password, and to have the card--a true two-factor authentication method.
Knowing two things doesn't increase the security any more than making a stronger password would.
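The one-time-code card described above can be sketched as a server-side check that requires both the password and an unused code from the card. This is an added example, not code from the original post or from any bank; the names `issue_card` and `Account`, the six-digit code format, the card size and the PBKDF2 parameters are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


def _kdf(secret, salt):
    # Salted, iterated hash; the server never stores the secrets in plaintext.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)


def issue_card(size=10):
    # The printed card handed to the customer: random six-digit codes
    # (format and size are assumptions for this example).
    return [f"{secrets.randbelow(10**6):06d}" for _ in range(size)]


class Account:
    """Server-side record: one password plus the hashes of the card's codes."""

    def __init__(self, password, card):
        self.salt = secrets.token_bytes(16)
        self.password_hash = _kdf(password, self.salt)
        # Hashes are indexed by the code's position on the card.
        self.code_hashes = {i: _kdf(c, self.salt) for i, c in enumerate(card)}

    def login(self, password, index, code):
        # Factor 1: something the user knows.
        pw_ok = hmac.compare_digest(_kdf(password, self.salt), self.password_hash)
        # Factor 2: something the user has (a still-unused code from the card).
        expected = self.code_hashes.get(index)
        code_ok = expected is not None and hmac.compare_digest(
            _kdf(code, self.salt), expected
        )
        if pw_ok and code_ok:
            # Consume the code so a captured login cannot be replayed.
            del self.code_hashes[index]
            return True
        return False
```

Unlike a security question, there is no code path here that accepts the second secret in place of the first, and each code stops working after one use.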