X_Cli is a user on infosec.exchange.

The problem of sharing too much info about yourself in those innocuous looking quizzes shared on social media

krebsonsecurity.com/2018/04/do

“... in these informal surveys is that in doing so you may be inadvertently giving away the answers to “secret questions” that can be used to unlock access to a host of your online identities and accounts.”

#OPSEC

@cypnk This is another reason why password managers are so important. You can store more than passwords in them!

Q: What city were you born in?
A: Sigourney Weaver

Q: What is your father's middle name?
A: Porcupine

Q: What was the name of your first school?
A: Mint Chocolate Chip

That way, even if you get tricked into telling somebody the real answers, it won't do them any good.

#opsec

@gme
When will you use your security questions if not when you have lost your password manager database? I am not challenging the usage of password managers. I am challenging the storage of the security question answers in the same database.
@cypnk

@x_cli @cypnk If I lose access to my password manager then I've got larger problems.

@gme
You missed the point here. You are putting your eggs and your egg recovery method in the same basket here.
@cypnk

@x_cli @cypnk I think you miss my point. :-)

When one uses a password vault such as 1Password, they dramatically reduce the risk of locking themselves out of their account.

By not giving websites real answers to security questions, one dramatically reduces the risk of others gaining unauthorized access to one's account.

If I lose access to my 1Password vault I'm probably either dead or incapacitated, at which point I don't want others gaining access to my accounts anyways.

X_Cli @x_cli

@gme
Hmmm, then what's the point of giving actual answers (that need to be recorded in your vault) to these questions? Just insert random values.
@cypnk

@x_cli @cypnk So you can correctly answer the questions and authenticate yourself when you inevitably need to call customer service.

@gme
Hmmm, I guess my assumption was that you would only need your security answers for password reset. You seem to imply that they would be asked for other purposes (which is a catastrophic security practice, btw).
@cypnk
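The practice the thread converges on (X_Cli's "just insert random values", with gme's caveat that the answers must still be readable aloud to customer service) as an added example, not code from any participant: random word-based answers rather than hex, an entropy figure for them, and a generic JSON vault record. The wordlist and the record layout are constructed for illustration; no real password manager's export format is assumed.

```python
import json
import math
import secrets

# Constructed sample wordlist for illustration only; a real setup would
# draw from a large list (thousands of words) to get useful entropy.
WORDLIST = [
    "porcupine", "sigourney", "chocolate", "lantern", "granite", "walnut",
    "harbor", "velvet", "saffron", "meadow", "copper", "juniper",
    "tundra", "orchid", "basalt", "falcon",
]


def random_answer(words=3, wordlist=WORDLIST):
    """Fake security-question answer made of random dictionary words.
    Words, not hex, so the answer can be spelled out over the phone
    and it has no link to anything a social-media quiz could reveal."""
    return " ".join(secrets.choice(wordlist) for _ in range(words))


def answer_entropy_bits(words=3, wordlist=WORDLIST):
    """Entropy of a `words`-word answer chosen uniformly from `wordlist`."""
    return words * math.log2(len(wordlist))


def vault_entry(site, username, questions, words=3):
    """Build a vault record: the login plus one concealed custom field per
    question. Hypothetical generic JSON shape, not any manager's format."""
    return {
        "title": site,
        "username": username,
        "fields": [
            {"label": q, "value": random_answer(words, WORDLIST), "type": "concealed"}
            for q in questions
        ],
    }


if __name__ == "__main__":
    entry = vault_entry("example.com", "alice", [
        "What city were you born in?",
        "What is your father's middle name?",
    ])
    print(json.dumps(entry, indent=2))
    print(f"{answer_entropy_bits():.1f} bits per answer with this toy list")
```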