[specktr]

On a similar note, I setup my utility account this week. It was suggested by the representative that I use the last 4 digits of my SSN as a pin for my account. Pretty disappointing how short sighted many companies are when it comes to security practices.

[smsm42]

That's because if somebody gets in, it's not their problem for having lax authorization, it's your problem for being "victim of identity theft" and all the burden of proving it wasn't you rests on you. It costs them nothing to give out horrible advice, so they do it.