Email or username:

Password:

Forgot your password?
All posts Thomas's posts Post Back to profile
Top-level
Alexander The 1st

@hunterhacker @dplattsf @pjohanneson @thomasfuchs (Because I'll note, while I'm pretty sure this is no longer a valid security question in most contexts, that would be information enough to go from "I know this unrelated person's password and username" to "I don't need to know this other person's password, because I know their username, and I can try to reset it instead of breaking it.".

Or they can do that with your birthday, etc.)

6 Dec 2023 at 5:51 | Wall-to-wall | Open on mstdn.ca
6 comments
Alexander The 1st

@hunterhacker @dplattsf @pjohanneson @thomasfuchs Which is a long way of saying;

TL:DR; don't over share your information with strangers, and enable MFA already on anything you can't afford to lose.

6 Dec 2023 at 5:52 | Open on mstdn.ca
Jason Hunter replied to Alexander The 1st

@AT1ST @dplattsf @pjohanneson @thomasfuchs Good points. The fact a mother’s maiden name is considered a security secret is crazy. Birthdays too. (But to be safe, I get my Facebook birthday greetings on the wrong day. Everyone should have a real birthday and a social media public birthday.) 🎂

6 Dec 2023 at 7:50 | Open on mastodon.social
Alexander The 1st replied to Jason

@hunterhacker @dplattsf @pjohanneson @thomasfuchs I mean, part of what likely made one's mother's maiden name a go-to security question is that historically, at least among British/American/Canadian/German culture that I'm aware of, it's effectively destructing information; like DRM, it became harder and harder to find documentation on what it was, especially if you weren't part of the family in question...which still has the name.

What's made it less secure is making it more easily traceable -

6 Dec 2023 at 8:03 | Open on mstdn.ca
Alexander The 1st replied to Alexander The 1st

@hunterhacker @dplattsf @pjohanneson @thomasfuchs - not that that's a bad thing, it just...removes the "Something only you or people who have authorization to use your bank account information would likely know." property.

6 Dec 2023 at 8:03 | Open on mstdn.ca
Alexander The 1st replied to Alexander The 1st

@hunterhacker @dplattsf @pjohanneson @thomasfuchs (Though that reminds me of how SINs are social insurance numbers...used to identify you. It wasn't intended to be used that way, but...people did, because it effectively had that same property. "Who else but yourself and people who are authorized to act on your behalf are going to actually memorize that string of numbers?", effectively.)

6 Dec 2023 at 8:05 | Open on mstdn.ca
Alexander The 1st replied to Jason

@hunterhacker @dplattsf @pjohanneson @thomasfuchs (On that note, I once put a joke answer as an answer to a security question...and then regretted it when I needed to return the joke answer to the question to the one party that I needed to give it to, because I instead kept giving them the non-joke answer...before realizing "Oh right; you're the people I gave an incorrect answer to that question,my bad, it's this other thing because of this other thing.".

I may have repeated that since then.)

6 Dec 2023 at 8:11 | Open on mstdn.ca
Go Up