r҉ustic cy͠be̸rpu̵nk🤠🤖 @cypnk

The problem of sharing too much info about yourself in those innocuous looking quizzes shared on social media

krebsonsecurity.com/2018/04/do

“... in these informal surveys is that in doing so you may be inadvertently giving away the answers to “secret questions” that can be used to unlock access to a host of your online identities and accounts.”

@cypnk This is another reason why password managers are so important. You can store more than passwords in them!

Q: What city were you born in?
A: Sigourney Weaver

Q: What is your father's middle name?
A: Porcupine

Q: What was the name of your first school?
A: Mint Chocolate Chip

That way, even if you get tricked into telling somebody the real answers it won't do them any good.

#opsec

@gme @cypnk Aha! So the city you were born in is Mint Chocolate Chip! I get it.

@BobTarte @cypnk Exactly. Or not.

There is a downside to this method though: getting past the laughter when you have to call in and speak to a real person and they want to verify you are who you say you are.

@gme @cypnk Hahaha, I hadn't thought of that. But you probably give those poor souls a much needed laugh.

@BobTarte @cypnk For the longest time I would just copy & paste the output from uuidgen into those fields.

I stopped doing that when I had to call my brokerage firm to update something and spent 30 minutes trying to read that off to them:

alpha-foxtrot-foxtrot-zero-eight-bravo-echo-one-seven

No....

foxtrot-foxtrot not foxtrot-alpha-zero

hello? are you dyslexic?

oh shit, I'm sorry. I had no idea.

@gme @cypnk That's hilarious. Definitely not worth repeating that experience.

@gme
When will you use your security questions if not when you lost your password manager database? I am not challenging the usage of password managers. I am challenging the storage of the security question answers in the same database.
@cypnk

@x_cli @cypnk If I lose access to my password manager then I've got larger problems.

@gme
You missed the point here. You are putting your eggs and your egg recovery method in the same basket, here.
@cypnk

@x_cli @cypnk I think you miss my point. :-)

When one uses a password vault such as 1Password, they dramatically reduce the risk of locking themselves out of their account.

By not giving websites real answers to security questions, one dramatically reduces the risk of others gaining unauthorized access to one's account.

If I lose access to my 1Password vault I'm probably either dead or incapacitated at which point I don't want others gaining access to my accounts anyways.

@gme @x_cli Hopefully, if you lost access to 1Password, you're just a wee bit under the weather and not incapacitated or dead 🙏

Meanwhile, I'm a strong proponent of hardware 2FA keys. Luckily, the accounts I really care about do support this

When I went camping, I took my work Yubikey with me and it survived snow, damp weather, and pretty rough conditions so you don't have to worry too much about being gentle with them

@cypnk @x_cli That's the one thing I wish 1Password supported was YubiKeys. (I have 4 for various purposes) but they so far have been reluctant to add it. And I wonder if that's because if you lose your yubikey you lose your vault.

I had a scare where I changed my passphrase right before going on vacation, and when I came back I couldn't remember my new passphrase.

Took me a week to finally remember it.

I better not get Alzheimer's!

@gme Oh gosh, don't even get me started on memory. This morning, I forgot whether or not I had coffee 😭

It's a good feature. 1Password should let users decide for themselves.

Losing your key is a risk, but I look at it from a "what could happen if someone else gains access to my account" perspective. If someone pretends to be me and wreaks havoc...

It's a balance, for sure, but for my accounts that's worth it. I don't use one for my personal email, but it's mandatory for all my work stuff

@cypnk The user bears some responsibility for choosing a sufficiently long and secure password. I used to use this one because I thought I was being clever:

"I can't tell you the password because I don't remember it!"

That actually used to be my passphrase many many many years ago.

Glad I never got a chance to test it.

@gme
Hmmm then what's the point of giving actual answers (that need to be recorded in your vault) to these questions? Just insert random values.
@cypnk

@x_cli @cypnk So you can correctly answer the questions and authenticate yourself when you inevitably need to call customer service.

@gme
Hmmm, I guess my assumption was that you would only need your security answers for password reset. You seem to imply that they would be asked for other purposes (which is a catastrophic security practice, btw).
@cypnk

@gme @cypnk

I hadn't thought about that but that's a really good idea.