The problem of sharing too much info about yourself in those innocuous looking quizzes shared on social media

https://krebsonsecurity.com/2018/04/dont-give-away-historic-details-about-yourself/

“... in these informal surveys is that in doing so you may be inadvertently giving away the answers to “secret questions” that can be used to unlock access to a host of your online identities and accounts.”

#OPSEC

@cypnk This is another reason why password managers are so important. You can store more than passwords in them!

Q: What city were you born in?
A: Sigourney Weaver

Q: What is your father's middle name?
A: Porcupine

Q: What was the name of your first school?
A: Mint Chocolate Chip

That way, even if you get tricked into telling somebody the real answers it won't do them any good.

#opsec

@gme
When will you use your security questions if not when you lost your password manager database? I am not challenging the usage of password managers. I am challenging the storage of the security question answers in the same database.
@cypnk

@x_cli @cypnk If I lose access to my password manager then I've got larger problems.

@gme
You missed the point here. You are putting your eggs and your egg recovery method in the same basket, here.
@cypnk

@x_cli @cypnk I think you miss my point. :-)

When one uses a password vault such as 1Password, they dramatically reduce the risk of locking themselves out of their account.

By not giving websites real answers to security questions, one dramatically reduces the risk of others gaining unauthorized access to one's account.

If I lose access to my 1Password vault I'm probably either dead or incapacitated at which point I don't want others gaining access to my accounts anyways.

@gme
Hmmm then what's the point of giving actual answers (that need to be recorded in your vault) to these questions? Just insert random values.
@cypnk