|With all the security professionals establishing secure practices at all the big IT shops, why is it that most such shops have such goofy password policies? |
I just took a brief look at our article. I don't know about T-Mobile's site, but many sites present you with only a fixed list of so-called "secret questions", and often none of the choices are any good. For example, I was recently presented with a list like this:
What is your dog's name?
What is your mother's maiden name?
In what city were you born?
I basically had to choose one of these, and I mean that I had to choose. I couldn't choose not to have a secret question, nor could I enter my own question.