by kadoban 1429 days ago
Secret questions are _barely_ 2FA, or not 2FA at all, depending on the implementation; they're just about the worst idea in security.

They're either public info, arbitrary, or some combination of the two.

If you answer them honestly you're very vulnerable to account takeover. Many places treat them as a strict override of the password instead of something additional to a password.

The only sensible way to treat them, as a user, is as backup passwords, which ends up making quite little sense.
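The two recovery designs the comment contrasts (answer as a strict override of the password versus answer as one factor beside a possession proof), as an added example that is not from the thread; all names, the toy `Account` class and the sample answers are assumptions:

```python
# Added illustration (not from the HN thread): how a secret question is wired
# into password recovery decides whether a guessable answer is a full takeover.
import hashlib
import hmac
import secrets

def _hash(secret: str, salt: bytes) -> bytes:
    # Secret answers deserve the same slow, salted hashing as passwords.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def _normalize(answer: str) -> str:
    # Sites usually fold case and whitespace; that shrinks the answer space further.
    return " ".join(answer.lower().split())

class Account:
    def __init__(self, password: str, secret_answer: str):
        self.pw_salt = secrets.token_bytes(16)
        self.ans_salt = secrets.token_bytes(16)
        self.password_hash = _hash(password, self.pw_salt)
        self.answer_hash = _hash(_normalize(secret_answer), self.ans_salt)
        self.pending_token = None  # one-time token delivered out of band (email/SMS)

    def check_answer(self, answer: str) -> bool:
        candidate = _hash(_normalize(answer), self.ans_salt)
        return hmac.compare_digest(self.answer_hash, candidate)

def recover_override(acct: Account, answer: str, new_password: str) -> bool:
    """Weak design: the secret answer alone replaces the password."""
    if not acct.check_answer(answer):
        return False
    acct.password_hash = _hash(new_password, acct.pw_salt)
    return True

def start_recovery(acct: Account) -> str:
    """Issue a one-time token; in a real system it is sent to the user, not returned."""
    acct.pending_token = secrets.token_urlsafe(32)
    return acct.pending_token

def recover_additional(acct: Account, answer: str, token: str, new_password: str) -> bool:
    """Better design: the answer is only accepted alongside the possession token."""
    if acct.pending_token is None or not hmac.compare_digest(acct.pending_token, token):
        return False
    if not acct.check_answer(answer):
        return False
    acct.pending_token = None  # single use
    acct.password_hash = _hash(new_password, acct.pw_salt)
    return True
```

With the override design a public fact such as a mother's maiden name is sufficient by itself to reset the password; with the additional-factor design the same answer is useless without the out-of-band token.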