As long as you can choose the answer, you can also choose what the question really is. You can just decide that questions about your mum’s maiden name are actually asking you about the last name of the doctor that delivered your first born.
Or, better yet don’t tie security to personal or externally verifiable information about yourself. In the one or two cases, in recent years, where I’ve had to fill out such (in)security questions, I’ve just treated them as additional password fields, where I just create additional fields for them in my password manager, and generate long, random responses as their correct answers. Why yes, my mother’s maiden name is Correct7Horse@Battery!Staple, why do you ask?
Security questions are an idiotic type of “security”, so of course I never enable them if they’re optional, which they almost always are. As I said, I can count on half a hand how often I’ve used them in recent years.
Occasionally, though, they can be the least bad two-factor option available on a service that either requires 2FA or which makes itself, indeed, a hassle to use when you don’t have any 2FA enabled, such as by throwing captchas at you up the wazoo. If such a service only offers 2FA by email, text message or security questions, then hell yeah, I’ll take the latter option any day of the week. Needing an emailed link or code to log in, now that’s a hassle. Same deal with text messages, but with the additional benefit of them being insecure as hell. You know what’s not a hassle, though? Having one extra field auto-filled by your password manager. That’s the hassle-free option.
As for taking things seriously or not - are you really trying to tell me that you don’t have anything that’s important enough to care about keeping secure? And if not, why would you not care about keeping anything that’s important secure? Especially when it’s so easy, and indeed, hassle-free, to have that security fully automated and handled by your password manager. If your gut reaction to security is that it’s a hassle, then I’m sorry to say that you most likely have both poor security, and unnecessarily difficult or annoying-to-use security, too. Do you subject yourself to the mental load of having to remember all of your hundreds of passwords in your head? Talk about a hassle. Or do you just use the same password for everything? Now that would be a hassle, to have not just one random account somewhere compromised, but to have all of your accounts, everywhere at once, compromised.
You had to share your password over the phone? That’s asinine. And you say it was your bank, and a major one, to boot? Wow. If that’s their approach to security, I’d tell them they can just look up my password in their database, which I’d assume to be in plaintext too (and to actually just be a really big Excel sheet).
Anyway, regardless, you need some passphrases in your life! So much easier to deal with, if you ever have to share it out loud, and more importantly, a whole lot easier for you to parse and manually type, on the occasions where it can’t be auto-filled. As I said before, Correct Horse Battery Staple! :)
As long as you can choose the answer, you can also choose what the question really is. You can just decide that questions about your mum’s maiden name are actually asking you about the last name of the doctor that delivered your first born.
Or, better yet don’t tie security to personal or externally verifiable information about yourself. In the one or two cases, in recent years, where I’ve had to fill out such (in)security questions, I’ve just treated them as additional password fields, where I just create additional fields for them in my password manager, and generate long, random responses as their correct answers. Why yes, my mother’s maiden name is Correct7Horse@Battery!Staple, why do you ask?
Such hassle…
I guess it means yes, you take that stuff for serious.
A hassle, huh?
Security questions are an idiotic type of “security”, so of course I never enable them if they’re optional, which they almost always are. As I said, I can count on half a hand how often I’ve used them in recent years.
Occasionally, though, they can be the least bad two-factor option available on a service that either requires 2FA or which makes itself, indeed, a hassle to use when you don’t have any 2FA enabled, such as by throwing captchas at you up the wazoo. If such a service only offers 2FA by email, text message or security questions, then hell yeah, I’ll take the latter option any day of the week. Needing an emailed link or code to log in, now that’s a hassle. Same deal with text messages, but with the additional benefit of them being insecure as hell. You know what’s not a hassle, though? Having one extra field auto-filled by your password manager. That’s the hassle-free option.
As for taking things seriously or not - are you really trying to tell me that you don’t have anything that’s important enough to care about keeping secure? And if not, why would you not care about keeping anything that’s important secure? Especially when it’s so easy, and indeed, hassle-free, to have that security fully automated and handled by your password manager. If your gut reaction to security is that it’s a hassle, then I’m sorry to say that you most likely have both poor security, and unnecessarily difficult or annoying-to-use security, too. Do you subject yourself to the mental load of having to remember all of your hundreds of passwords in your head? Talk about a hassle. Or do you just use the same password for everything? Now that would be a hassle, to have not just one random account somewhere compromised, but to have all of your accounts, everywhere at once, compromised.
I once did that, and had to spell out a 32 character alphanumeric password with special characters over the phone lol
You had to share your password over the phone? That’s asinine. And you say it was your bank, and a major one, to boot? Wow. If that’s their approach to security, I’d tell them they can just look up my password in their database, which I’d assume to be in plaintext too (and to actually just be a really big Excel sheet).
Anyway, regardless, you need some passphrases in your life! So much easier to deal with, if you ever have to share it out loud, and more importantly, a whole lot easier for you to parse and manually type, on the occasions where it can’t be auto-filled. As I said before, Correct Horse Battery Staple! :)
Sorry, it was a security question, not a password, my bad!
And yes, I have since been enlightened about the church of the correct horse battery staple