But as with many online defenses, companies are often forced to make trade-offs between convenience and security, attempting to strike the right balance between safety and not alienating users locked out of their accounts.
Rogers has a record of finding problems in online services. Last month, he accepted a caution from police rather than face charges for discovering a vulnerability in the website of one of the country's public transport authorities late last year.
A database flaw within the website of Public Transport Victoria (PTV), which runs the state's transport system, allowed Rogers to gain access to some 600,000 records, including partial credit card numbers, addresses, emails, passwords, birth dates, phone numbers and senior citizen card numbers. Rogers notified the agency of the problem and did not try to profit from the information, but the incident was still referred to police.
Sign up for Computerworld eNewsletters.