fuck security questions!

caue rego
May 4, 2017 · 2 min read

in fact, fuck passwords too!!

truth is, the questions do serve a purpose… with naive users who don’t properly store their passwords, so the lazy admins can rest, unless they also want to go the extra step of theater, as apple does. not to mention the millions the banks think they’re saving. all it takes to lose all those savings is one security breach there, and security questions (SQs) easily open a huge can of worms, which greatly helps crackers find that breach.

those kids today… like myself crying here about a “huge world problem”

devs: just send a temporary password/code to the email. it’s still much more “secure” than those bullshit questions. and good enough for most cases.

probably the most secure solution: use some kind of single sign-on (or all of ’em) and 2 step auth. by all means, do allow adding a backup password if someone wants it, with a warning “you’re on your own, don’t lose this, we can’t help you”. and since you’re doing-it-right™, why not toss in an ssh key along with it? it sure will get word of mouth going in any hacking community.

meanwhile, if you’re a worried user and need to give answers to keep your account “super mega secure”, get a vault for your passwords already and store the answers along with them, as something equally impossible for anyone to guess and at least 16 characters long.

oh, and there is no such thing as a “good security question”. nor a “good password” (yeah, just linked this great eevee post twice).

you don’t need to take my word:


Written by

caue rego

cregox here. a nynphormartisct who enjoys to summarize unasked big questions, even if they look quite small to most and we don’t really know any answer. :)

cregox

a disconnected mind who loves randomness https://cregox.net
