Franklin Templeton: Security Through Inaccessibility

I knew I was in for it when I tried to get to my account on franklintempleton.com last Saturday afternoon, and the main page was replaced with a notice that the site would be down for scheduled maintenance “until 2am on Saturday.” By Sunday afternoon, the main page was back. But I still couldn’t log in; evidently part of the “scheduled maintenance” was a new security scheme that required me to specify a user ID other than a certain personally identifying number (good) and provide answers to a bunch of challenge questions that would be used during the login process (bad, as it turns out). No matter how I filled out that form, it would not validate, insisting that I hadn’t provided answers to some of the questions. I tried in both IE7 and Firefox 2, to no avail. Eventually I forgot about it. I meant to screenshot the security form, but I guess I didn’t.
I took another look tonight, and saw this pleasant little notice (which I did screenshot):
ft_security_thru_inaccessibility.jpg
Given how I make my living, I have some sympathy for this. Wait, no I don’t. It takes real effort to make something that will work in IE6 but not IE7. If I let something like that get into production, I’d at least get yelled at, and I might just get fired. I’d deserve whatever I got, especially if I left it up for a week. Fer cry yi yi, it’s the intertubes…one of the benefits is that it’s easy to update rapidly and fix your mistakes.
I sure am glad I didn’t need to get to my account this week.