|
|
|
|
|
|
by PhantomGremlin
1789 days ago
|
|
|
It's a complicated issue. I think some people don't make any real effort to keep track of their passwords, and so reset via email is kind of common. But what if you're Sarah Palin, governor of some out-of-the-way state (pop. 736,000). Suddenly you're thrust into the spotlight as a VP candidate. Sucks for her that Yahoo's password reset questions at the time were simple: The Yahoo! account's password could be reset using shared secret questions including "where did you meet your spouse?" along with the date of birth and ZIP code of the former governor to which answers were easily available online. https://en.wikipedia.org/wiki/Knowledge-based_authentication Can you trust your email provider not to let your account get "stolen" from you? I think having a discussion like this on HN is great. It gives people an opportunity to re-evaluate their current procedures. |
|
|