fuck security questions!

caue rego
May 4, 2017 · 2 min read

in fact, fuck passwords too!!

truth is, the questions do serve a purpose… with naive users, who don’t properly store their passwords, and so the lazy admins can rest, unless they also want to go the extra step of theater, as apple does. not to mention the millions the banks think they’re saving. all it takes to lose all those savings is one security breach there, and SQs easily open a huge can of worms that greatly helps crackers find that breach.

those kids today… like myself crying here about a “huge world problem”

devs: just send a temporary password/code to the email. it’s still much more “secure” than those bullshit questions. and good enough for most cases.
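what that emailed temporary code looks like when done with a little care (an added example, not from the original post; it assumes an in-memory store, a 15 minute lifetime and a 5 guess limit): only a hash of the code is kept, it expires, it is single-use, and the comparison is constant-time.

```python
import hashlib
import hmac
import secrets
import time

# assumptions for this example: in-memory store, 15 minute lifetime, 5 guesses
CODE_TTL_SECONDS = 15 * 60
MAX_ATTEMPTS = 5
_pending = {}  # account -> {"digest": sha256 hex of code, "expires": ts, "attempts": n}


def _digest(code):
    return hashlib.sha256(code.encode("utf-8")).hexdigest()


def issue_code(account, now=None):
    """Mint a single-use code for `account` and return it so the caller can email it.
    Only the hash is stored server-side, so a leaked table can't be replayed."""
    now = time.time() if now is None else now
    code = secrets.token_urlsafe(24)  # ~192 bits of randomness, URL-safe, 32 chars
    _pending[account] = {"digest": _digest(code), "expires": now + CODE_TTL_SECONDS, "attempts": 0}
    return code


def redeem_code(account, presented, now=None):
    """Return True exactly once for the right code; wrong, expired or reused codes fail."""
    now = time.time() if now is None else now
    entry = _pending.get(account)
    if entry is None:
        return False
    if now > entry["expires"]:
        del _pending[account]
        return False
    entry["attempts"] += 1
    # constant-time comparison so response timing doesn't leak how much of the code matched
    if hmac.compare_digest(entry["digest"], _digest(presented)):
        del _pending[account]  # single use
        return True
    if entry["attempts"] >= MAX_ATTEMPTS:
        del _pending[account]  # too many guesses: the user has to request a fresh code
    return False
```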

probably the most secure solution: use some kind of single sign-on (or all of ’em) and 2 step auth. by all means, do allow adding a backup password if someone wants it, with a warning “you’re on your own, don’t lose this, we can’t help you”. and since you’re doing-it-right™, why not toss in an ssh key as well? it sure will get the word of mouth in any hacking community.

meanwhile, if you’re a worried user and need to give answers to keep your account “super mega secure”, get a vault for your passwords already and store the answers in there too, as something equally impossible for anyone to guess and at least 16 characters long.

oh, and there is no such thing as a “good security question”. nor a “good password” (yeah, just linked this great eevee post twice).

you don’t need to take my word:


Written by

cregox here. a nynphormartisct who enjoys summarizing unasked big questions, even if they look quite small to most and we don’t really know any answer. :)

a disconnected mind who loves randomness https://cregox.net