Conversation
Notices
-
♻ Richard Akerman @papervote: You all understand that Twitter "7 things" memes are an efficient way for hackers to get the answers to your !security questions, right? ¶ #FirstSevenLanguages
-
@bobjonkman "Security questions" have long been primarily useful to online vandals anyway. One should never give true answers (or same answers on multiple sites).
-
Or #Perl.
-
@pennyfortheguy @davehunt They are the same issue. If site X database is captured, your secret questions / answers are captured unencrypted. Along with your e-mail address, that can give control of every account you have, with or without strong passwords.
-
!Security questions and answers are exactly the same as passwords. Worse, actually. They provide access to a site when you have lost one (or more) of the other authentication factors such as password or username or e-mail address. And even worse, most people provide truthful answers, so with a bit of doxxing it becomes trivial for a cracker to gain access to a site simply by claiming to have forgotten the password and then supplying well-known answers to trivial questions. Answers to security questions should be long strings of random characters, and never repeated on different sites.