The problem of sharing too much info about yourself in those innocuous looking quizzes shared on social media
https://krebsonsecurity.com/2018/04/dont-give-away-historic-details-about-yourself/
“... in these informal surveys is that in doing so you may be inadvertently giving away the answers to “secret questions” that can be used to unlock access to a host of your online identities and accounts.”
@cypnk This is another reason why password managers are so important. You can store more than passwords in them!
Q: What city were you born in?
A: Sigourney Weaver
Q: What is your father's middle name?
A: Porcupine
Q: What was the name of your first school?
A: Mint Chocolate Chip
That way, even if you get tricked into telling somebody the real answers it won't do them any good.
@x_cli @cypnk I think you miss my point. :-)
When one uses a password vault such as 1Password, they dramatically reduce the risk of locking themselves out of their account.
By not giving websites real answers to security questions, one dramatically reduces the risk of others gaining unauthorized access to one's account.
If I lose access to my 1Password vault I'm probably either dead or incapacitated at which point I don't want others gaining access to my accounts anyways.
@gme @x_cli Hopefully, if you lost access to 1Password, you're just a wee bit under the weather and not incapacitated or dead 🙏
Meanwhile, I'm a strong proponent of hardware 2FA keys. Luckily, the accounts I really care about do support this
When I went camping, I took my work Yubikey with me and it survived snow, damp weather, and pretty rough conditions so you don't have to worry too much about being gentle with them
@gme Oh gosh, don't even get me started on memory. This morning, I forgot whether or not I had coffee 😭
It's a good feature. 1Password should users decide for themselves
Losing your key is a risk, but I look at it from a "what could happen if someone else gains access to my account" perspective. If someone pretends to be me and wreaks havoc...
It's a balance, for sure, but for my accounts that's worth it. I don't use one for my personal email, but it's mandatory for all my work stuff
@cypnk The user bears some responsibility for choosing a sufficiently long and secure password. I used to use this one because I thought I was being clever:
"I can't tell you the password because I don't remember it!"
That actually used to be my passphrase many many many years ago.
Glad I never got a chance to test it.
@cypnk @x_cli That's the one thing I wish 1Password supported was YubiKeys. (I have 4 for various purposes) but they so far have been reluctant to add it. And I wonder if that's because if you lose your yubikey you lose your vault.
I had a scare where I changed my passphrase right before going on vacation, and when I came back I couldn't remember my new passphrase.
Took me a week to finally remember it.
I better not get Alzheimer's!