Does anyone know how this "security questions" disease started, and why it is spreading the way it is? If your company does this, can you find the people responsible and ask them what they were thinking?

My theory is that no actual security people have ever been involved, and that it's just another one of those stupid design practices that are perpetuated because "nobody has ever complained" or "that's what everybody is doing".

/ji

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to