Hacker News new | ask | show | jobs
by usr1106 2477 days ago
Another nasty experience I had recently: On an account I hadn't used for ages and for unexplicable reasons was not covered by my pw manager they did not present me the security question for password reset. Instead they gave me the whole list and said answer the security question you had chosen at registration. Of course I didn't remember, the list had no option I would always pick.
2 comments
Strom 2477 days ago
I've ran into this a few times and so now I always store the question in my password manager too.
link
toper-centage 2477 days ago
That actually makes it slightly more acceptable to use security questions I guess.
link
VMG 2477 days ago
Normal users will probably try different question-answer combinations until they get a hit, submitting a lot of personal data in the process
link