[pfranz]

I figured granular security has more of an enterprise appeal than consumer, and I still don't really see it.

Email, for example. Day-to-day our normal authentication should cover what's in my inbox and/or the last few months of messages. A "deep dive" of emails from 10 years ago should probably have a second level of authentication. You don't access them that often. Yet, once your compromised your whole history of emails can get slurped up very quickly.

I pointed out to my wife not to email anything with our ssn to our tax guy. She kind of balked, but I pointed out if in 10 years he's compromised it's probably still in his email and trivial to scan for ssn or tax documents.

It's been years, but I was at a company that switched to an auto-delete policy after 90 days or something. I thought it was compliance related, but I also think they encouraged you to store important messages in a local inbox which would seem to contradict that.