fuck security questions!

in fact, fuck passwords too!!

truth is, the questions do serve a purpose… with naive users, who don’t properly store their passwords and so the lazy admins can rest, unless they also want to go the extra step of theater like apple do. not to mention the millions the banks think they’re saving. all it takes to lose all those savings is one security breach there, and SQ’s are easily opening a huge can of worms.

those kids today… like myself crying here about a huge world problem

devs: just send a temporary password to the email. it’s still much more “secure” than those bullshit questions. and good enough for most cases.
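one way to do the temporary-password reset described above, as an added example that is not from the original post; the in-memory store, the 15-minute lifetime and the function names are assumptions:

```python
import hashlib
import hmac
import secrets
import time

TTL_SECONDS = 15 * 60  # assumption: the temporary password is valid for 15 minutes

# Constructed in-memory stand-in for a database table: email -> (sha256 hex, expiry)
PENDING = {}


def issue_temp_password(email, now=None):
    """Create a random temporary password; keep only its hash and expiry."""
    now = time.time() if now is None else now
    temp = secrets.token_urlsafe(16)  # 128 bits from the OS CSPRNG
    # A plain SHA-256 is acceptable here only because the value is long and
    # random; a user-chosen password would need a slow password hash instead.
    digest = hashlib.sha256(temp.encode()).hexdigest()
    PENDING[email] = (digest, now + TTL_SECONDS)  # replaces any older one
    return temp  # the caller e-mails this; it is never stored in clear


def redeem_temp_password(email, candidate, now=None):
    """Return True exactly once for a valid, unexpired temporary password."""
    now = time.time() if now is None else now
    record = PENDING.get(email)
    if record is None:
        return False
    digest, expires = record
    if now > expires:
        del PENDING[email]  # expired: force a fresh request
        return False
    candidate_digest = hashlib.sha256(candidate.encode()).hexdigest()
    if not hmac.compare_digest(digest, candidate_digest):  # constant-time compare
        return False
    del PENDING[email]  # single use: a replayed e-mail is worthless
    return True
```

after a successful redeem, the account should be forced to set a new password right away.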

probably the most secure solution: use some kind of single sign on (or all of ’em) and 2 step auth. by all means, do allow adding a backup password if someone wants it, with a warning “you’re on your own, don’t lose this, we can’t help you”. and since you’re doing-it-right™, why not toss in an ssh key along? it sure will get the word of mouth in any hacking community.

meanwhile, if you’re a worried user and need to give answers to keep your account super mega secure, get a vault for your passwords already and store them alongside as something equally impossible for anyone to guess and at least 16 characters long.

oh, and there is no such thing as a “good security question”. nor a “good password” (yeah, just linked this great eevee post twice).

you don’t need to take my word: