security questions
John Ioannidis
ji at tla.org
Thu Aug 7 08:53:58 EDT 2008
Does anyone know how this "security questions" disease started, and why
it is spreading the way it is? If your company does this, can you find
the people responsible and ask them what they were thinking?
My theory is that no actual security people have ever been involved, and
that it's just another one of those stupid design practices that are
perpetuated because "nobody has ever complained" or "that's what
everybody is doing".
/ji
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list