The safety and usefulness is arguable both ways - an attentive user will give solid answers to their questions in a way which is not easily guessed, an inattentive user will give simplistic answers that are easy for a hacker to determine.
So, do you trust your users to set it up appropriately, or are they going to give the answer "Monday" to every question?
The questions are configurable though, right? So all you would need to do is construct a single highly complex question that requires the user to type a similarly complex answer. Something like... "Describe the benefits of encryption using fifteen words or less."
I was looking for some additional info on how the user self-reset works, as far as "policies" go... I checked the EndPoint Encryption Admin Guide for PC but didn't find much in there. Is there a way to configure the user self-recovery policy such that x number of failed questions will result in the account disabling, or even the laptop disabling? I would love to use this feature but can't convince Security to allow it without some additional safeguards. sad