security questions

John Ioannidis ji at
Thu Aug 7 08:53:58 EDT 2008

Does anyone know how this "security questions" disease started, and why 
it is spreading the way it is?  If your company does this, can you find 
the people responsible and ask them what they were thinking?

My theory is that no actual security people have ever been involved, and 
that it's just another one of those stupid design practices that are 
perpetuated because "nobody has ever complained" or "that's what 
everybody is doing".


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list