Comic Strips @lemmy.world TehBamski @lemmy.world 3mo ago

Security Question

Non-Political Memes @lemmy.ml hydration9806 @lemmy.ml 3mo ago

Security Question

94 4

40 comments

To Bones. You are a good boy. You also added a space after the "S". It's still you.
- Oh whew. I needed to see this because this comic had me surprisingly agitated.
  
  Curious, agitated that it wasn't Bones or the space?
- I immediately saw that do to how many times I have copy/pasted into text fields and they error out. What do you mean my routing number is invalid!
Someone tell Bones that you can lie on security questions
- Bones would never lie - he's a good boy, yes he is:-).
- Can and absolutely do. Pet is my standard security question and it's just a standardized password I use only on that field.
  
  You should most likely generate a unique one for each website, but I doubt any attacker is going to go to the trouble of capturing that once and trying it again as a security answer elsewhere.
So…. Am I the only person that generates a random password as an “answer”?
- There are at least two of us
- On phone: okay Sir, we need at least the name of your favourite dog for verification!
  
  give one second... It umm, AstronomicalTransmissionXylophoneInstitution
Bones. I'm sorry but you weren't my first dog. My first dog will forever be the answer when it comes to security questions. It's convenient. But you're really my favorite. I love you bones.
- Don't use real answers. "Security" questions have the same 'authority' as passwords (they can be used to change your password), but are often not treated with the same level of care as actual passwords.
  
  Meaning, SQ are often easier for a hacker to figure out and exploit. In that event, SQs are actually worse than passwords, because they're "unchangeable" (well, the real answer is). So if an SQ answer gets compromised, you're SOL
  
  The best option is to use a password manager, and randomly generate passwords and SQ answers (i use 1Password, but there are other good options)
  
  Edit: oh and, if you use real answers, then those are more likely to be publicly searchable on Facebook or socially engineered (like a "which dog are you" quiz)
- Plot twist: Bones' official full name is actually "James Bones", but he doesn't know.
How is even having these security questions even considered safe? What is more likely, person to know your password or a name of your favorite dog that you might get from that person's Facebook account?
- That's why you make the answers fake ones. Like instead of your actual favorite pet, you answer lassy or airbud or something stupid like that
  
  Even to the point of being nonsensical. I've had tech support chuckle at me but the intent was clear as day. Anyone can find my mother's maiden name. Good luck figuring out the answer I gave the bank.
- it's not. These are very bad practice that had obvious problems from the start.
  
  Sarah Palin's Yahoo account was broken into during the 2008 election by guessing her security questions. If it wasn't clear before then, it should have been clear after. No excuse for companies continuing to do this.
I have some old accounts locked behind a name of first crush

It’s kind of poetic
- Did you make those accounts back in middle school?
  
  Oddly specific question, why? Am I culturally daft? Is this a reference to some classic?
All y'all acting like Bones is a good boy who deserves to be the favorite when he is clearly being a BAD BOY.

Maybe trying to hack his best friend's account is why he isn't the favorite!
Psst... Try "McCoy", or "Dr. McCoy". :)
- Dammit Jim, I'm a Doctor not a golden retriever!
The correct answer was not BONES but possibly Bones or bones. Try again Bones!
The dog's real name is "Sir Reginald Bonington, esq." but their owner always just called them "Bones."
Gonna get a bit pedantic and point out that the question actually asks the name of FIRST pet, not FAVORITE.

40 comments