The answer is yes, and the TL;DR is not to use them, use 2FA, and not share personal details online (which is hopefully all obvious advice).
cross-posted from: https://lemmy.world/post/12060980
Once, I made an account for something that let me write my own security question and answer. I thought that was much better than the usual options and wrote something that cryptically referenced a difficult problem I once worked on. The answer could possibly be found online, but only to someone who properly understood the question. Later, when I needed to authenticate myself again, I got my security question. The answer isn’t something you typically memorize, but I knew what the prompt meant and how to work it out so I did so.
But I was too slow. Apparently you had to answer within one minute. It took me about ten, so it locked me out. Tech support helpfully reset my password after merely verifying my phone number and SSN, which are probably known to thousands.