Every last one of these questions is terrible

Comments

• LodeMike@lemmy.today ⁨2⁩ ⁨days⁩ ago

  Just make the answers diceware passwords and store them in your password manager.

  source

  • fulg@lemmy.world ⁨2⁩ ⁨days⁩ ago

    This is the right answer. I never answer those, you add new entries in your password manager in the notes for the main site.

    If you answer truthfully to any one of those, your account is at risk.

    source
  • Canadian_Cabinet@lemmy.ca ⁨2⁩ ⁨days⁩ ago

    Hoy shit, that’s so smart. Now to see if Bitwarden can auto-fill them

    source

    • IHawkMike@lemmy.world ⁨2⁩ ⁨days⁩ ago

      It’s unlikely since it uses the field ID and not the text, so it wouldn’t know which question went with which answer.

      It’s so rarely needed to actually use these anyway, that it’s a non-issue IMO. You should never opt to use security questions as they are terrible from a security standpoint. This is just for when they are required by stupid websites.

      source

      • -> View More Comments
• TheHobbyist@lemmy.zip ⁨2⁩ ⁨days⁩ ago

  The best insight I remember reading about questions as MFA, is to consider the answer as a password. If you use a password manager, don’t feel forced to use actually true answers. The answer doesn’t have to be true, you just need to know it. Use a password manager and invent answers which you store. This is so much more secure than relying on the truth.

  source

  • SmoothLiquidation@lemmy.world ⁨2⁩ ⁨days⁩ ago

    Ahh yes, my favorite account on “x”. OqY4LO%&1Xv&e9YbRczM^nc3tD*f$4um3

    source
  • pineapplelover@lemmy.dbzer0.com ⁨1⁩ ⁨day⁩ ago

    Yeah I use a 10 word passphrase for these

    source
• firipu@lemmy.world ⁨1⁩ ⁨day⁩ ago

  Yeah, don’t answer truthfully. My favorite food has been a waterslide for ages.

  source

  • pineapplelover@lemmy.dbzer0.com ⁨1⁩ ⁨day⁩ ago

    Now if you would just provide me with your other account information…

    source

    • firipu@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Born on January first 1900. Undefined gender.

      source

      • -> View More Comments
• Piatro@programming.dev ⁨2⁩ ⁨days⁩ ago

  So-called “security questions” like these are prohibited under various standards (there’s a NIST one that I can’t remember exactly, and OWASP ASVS) because they’ve always been really terrible at verifying it’s actually you answering them, and not just someone who happens to know the answer. Mother’s maiden name being the notorious example.

  source

  • cybervseas@lemmy.world ⁨2⁩ ⁨days⁩ ago

    Also many of them have extremely likely answers.

    source
• pineapplelover@lemmy.dbzer0.com ⁨1⁩ ⁨day⁩ ago

  For security questions I usually put a random long 10 word passphrase. LPT for you guys

  source
• partial_accumen@lemmy.world ⁨2⁩ ⁨days⁩ ago

  One method to approach this is to use a simple personal algorithmically to create answers here. As in, you could put any security question in front of someone that uses this method, even those questions never seen, and the personal algorithm would produce an answer only the user would know. Here are a couple algorithms I made up to show an example for this post.

  Input security question (the first from OP’s list): What was the first stock you ever bought?

  • Algorithm number one answer: eight - Algorithm: How many words in the security question?
  • Algorithm number two answer: sold - Algorithm: Ignore all words except the verb, in this case “bought”. Whatever the verb is, the answer is always the opposite verb.

  This way you don’t necessarily have to write down your security question answers. Most certainly never write down your personal algorithm. Using this method it is trivially easy for you (and only you) to produce an answer from any security question given to you and equally easy for you to reproduce the answer when you need it in the future.

  source
• captainlezbian@lemmy.world ⁨2⁩ ⁨days⁩ ago

  First partner is fine. First foreign country isnt terrible. The rest range from pretty bad to “what human thought this was a good security question”

  source

  • last_philosopher@lemmy.world ⁨1⁩ ⁨day⁩ ago

    Yeah but first boyfriend/girlfriend drives me crazy because then I’m going back through my various early relationships trying to figure out who counts as a “girlfriend”. I’d say Sherry was the first but she always said we were never really together. Well now you’re a security question answer so you can’t deny it anymore Sherry.

    source
  • ameancow@lemmy.world ⁨1⁩ ⁨day⁩ ago

    First partner is fine.

    If you’re really concerned about security, you should know people can often crack this one pretty easily if you have public social media accounts. It depends on how much you have at stake. I don’t think it would matter for your Netflix password, but if it’s an investment account with tens of thousands of dollars or more, you should be aware that “hacking” is really just a very organized process of digging into data leaks and social media accounts to scrub as much information about a target as possible.

    To this ned, your childhood friend is (237#0Je<-)Banana39999_willywarmer, and the street you grew up on is Jupiter’s radiation belt.

    source
• jordanlund@lemmy.world ⁨2⁩ ⁨days⁩ ago

  “What’s the first app you installed on your smart phone?”

  How many of these accounts can now be compromised by answering X/Twitter/Facebook/Instagram/What’sApp?

  source

  • eager_eagle@lemmy.world ⁨2⁩ ⁨days⁩ ago

    Image

    source

    • papalonian@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Say what you will, the lightsaber app was cool and definitely worth $0.99 to get custom colors.

      source
  • cornshark@lemmy.world ⁨2⁩ ⁨days⁩ ago

    Joke’s on you, no one will ever know that the first app I ever installed is TCPMP on a Windows Mobile smartphone to play ogg vorbis audio from the SD card!

    source
• PunnyName@lemmy.world ⁨2⁩ ⁨days⁩ ago

  Doesn’t need to be real answers. Can just use combo nonsense like correcthorsebatterystaple or whatever.

  source
• Nikko882@lemmy.world ⁨2⁩ ⁨days⁩ ago

  Most of these read like ads. Most of the rest read like information found in an advertising profile (the kind of info that ad companies purchase). Only a couple read like actual things people care about.

  source
• Pudutr0n@feddit.cl ⁨2⁩ ⁨days⁩ ago

  Wrong community. Extremely infuriating.

  source
• HubertManne@piefed.social ⁨2⁩ ⁨days⁩ ago

  I always called them insecurity questions. Im almost sure its easier for someone or thing with a dossier on me to answer any of them than me.

  source
• ech@lemmy.ca ⁨2⁩ ⁨days⁩ ago

  Why would you answer the actual question anyway? That just means if someone knows the actual answer, they can get into your account. The question shouldn’t matter. It should be treated as a secondary/tertiary password.

  source
• Rhynoplaz@lemmy.world ⁨2⁩ ⁨days⁩ ago

  These questions make me feel old as hell.

  source
• Krudler@lemmy.world ⁨2⁩ ⁨days⁩ ago

  pick the first three, then always punch in your own version of “none1” “none2” “none3” as the answers. This isn’t rocket surgery.

  source

  • dingus@lemmy.world ⁨2⁩ ⁨days⁩ ago

    Haven’t you ever had places randomize the question order when you have to answer the. Later?

    source

    • Krudler@lemmy.world ⁨1⁩ ⁨day⁩ ago

      Do you not get the basics of this? You’re not asked to pick from all the questions when you answer the security questions in an authentication scenario… lmao

      source

      • -> View More Comments
  • Eddyzh@lemmy.world ⁨1⁩ ⁨day⁩ ago

    If you want easy non security just answer the last word of the question.

    source
• HotsauceHurricane@lemmy.world ⁨2⁩ ⁨days⁩ ago

  Choose questions, write them down, place the Q’s & A’s in the notes of your password app. Use paper to smoke them mara-ju-anas.

  source
• waz@feddit.uk ⁨2⁩ ⁨days⁩ ago

  Nokia 5.1 Nothing else would make any sense to use.

  source