

Ask HN: When banks (or Sony) take your mother's maiden name - noduerme

is there any reason they'd need to store it in plain text?
======
stonemetal
So they can ask you what it is as a security question.

~~~
mooism2
In principle they could type the answer you give over the phone into their
computer, which then treats it like any other password. In practice, I expect
some people's mothers were born with surnames that don't sound like they look,
or are otherwise hard to spell. So there's a usability issue that you don't
get with ordinary passwords.

Although I expect most of them are storing it as plain text because of
inertia.

