On Thu, Aug 07, 2008 at 08:53:58AM -0400, John Ioannidis wrote:
> Does anyone know how this "security questions" disease started, and why 
> it is spreading the way it is?  If your company does this, can you find 
> the people responsible and ask them what they were thinking?

When I worked at DEC, in 1991, at least one internal purchasing system
used this method of authentication.  As a summer hire, I couldn't use it,
but my boss had to authenticate this way whenever he made any major
equipment order or transfer for our group.  IIRC, it used personal data
already available to DEC -- so they didn't have to ask their employees
for it -- emergency contact phone numbers, names of other insured parties
on their health care, license plates of cars authorized to park in the work
lot, etc -- and asked a small number of random questions for each

I thought it was pretty clever.  I still do, actually.


The Cryptography Mailing List