(in)Security Questions

From IIW

Insecurity Sessions

Thursday 4J

Convener: Jim Fenton

Notes-taker(s): Jim Fenton

Tags for the session - technology discussed/ideas considered:

Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

We had a small but engaged group for the Insecurity Questions session. We discussed several examples of "security" questions that appear on the Insecurity Questions blog site:


Several key points:

  • Despite what some sites say, setting up "security" questions does not

improve your account security, it degrades it.

  • "Security" questions are really about cutting customer support costs,

not about improving security

  • This is a practice that is effectively banned in some areas of Europe

(e.g., Sweden).

Send us more examples! See the instructions at