I recently turned 18, so my parents signed me up for driving school. When I showed up at the academy, I was surprised by the cars they had available for students to learn on. They told me to pick whichever I liked best, and I chose the Mercedes-Benz G500.
I always thought these “ask” communities were a great vector to extract PII.
all you’d need to do is link users to leaked identities and probably get access to accounts quickly.
this is why I make up the wrong answers to any of those questions.
I swear to God any account system that uses security questions is brain dead.
For one, a third party can get access to that information with relative ease in many cases but furthermore, some of the security questions are subjective. If a security question asks me during account creation what my favorite restaurant is, what my favorite food is. That answer might literally change, I might not be able to remember the head space I was in when I made the account.
Yes yes let’s protect your password with three shittier passwords for no good reason.
completely agree.
on the other side though, some.of the questions are things that are easily found. things like, “what street did you grow up on” or “what is your mothers maiden name”. like…that shit can be found for free, like right now on the internet at about 200 data brokers.
how about we get an option for hardware keys? or better yet, pgp/rsa keys?
factor those in with password and MFA there should never be a reason why someone (who knows wtf they’re doing) would ever get locked out of their accounts.
I just had to recover my PSN account from a decade ago and I did this with my mother’s maiden name apparently
luckily I managed to remember the false birth date I had also used