“Financial institutions have long used questions to authenticate customers. If you lost your credit card in the 1980s, American Express might have asked for your mother’s maiden name before issuing you another one. But such questions have become ubiquitous online only in the last 18 months. In 2005, the Federal Financial Institutions Examination Council wrotestricter security guidelines for online banking, explaining that a simple user name/password combo wasn’t strong enough to lock up financial data on the Web. The FFIEC didn’t spell out what security improvements were needed, letting the banks decide for themselves. And so a thousand idiotic queries blossomed.”