When offering choices for security questions they have to:
2. PEOPLE FORGET - Fact is we are all getting older and our memories fail us, so asking a teenager "What is the name of you first teacher?" will likely provoke a consistent response more frequently than a 40 year old.
3. PEOPLE HAVE DIFFERENT EXPERIENCES - Even though we are all sharing in this global digital experiment they call the Internets, our personal experiences are different depending on our age, sex, nationality and culture. Ask a person from India "What is the first car you have owned?" and they may never have owned a car. If subsequent question choices always contain one car question then you have dramatically reduced their options for selecting a question that they can reliably answer in a consistent fashion (see 1 above).
4. IF YOU'RE GOING TO FORCE PEOPLE TO SUPPLY 3 DIFFERENT ANSWERS DON'T HAVE QUESTIONS WHICH CAN PROVOKE THE SAME ANSWERS - If you ask "What was your first car?" and then in another question "What was your favourite car?" don't be suprised if people choose the same answer!! They may have only ever owned one car, but more importantly people often have a fondness for their first of any experience. I can remember the number plate of my very first car almost 20 years ago yet I can't remember the number plate the car that I own now!!
What annoyed me most is that there was simply no reason for this to happen, and it wouldn't if Steve Jobs had gotten wind of it. The content of the question and it's answer are entirely irrelevant and merely exist as a way to provoke a validateable response in 100% of cases. Therefore the only logical method is to is ask your users to write their own questions and answers and not to force them to choose between your choices in an Adventure Gamebook style!