by Patrick ➕follow (55) 💰tip ignore
Comments 1 - 24 of 24 Search these comments
I use Microsoft Authenticator. It’s an app. Is that safer or not really?
I will be moving to a dedicated home laptop when my online banking is done, and never anywhere else.
Hircus saysI will be moving to a dedicated home laptop when my online banking is done, and never anywhere else.
That's the same for me.
Also, I only have my old 'dumb' phone for any sort of verification code via text.
My smart phone is never used for registration of any kind.
I don't supply a cellphone number for additional verification, it's always my email.
2FA in my opinion is lazy security for people who don't want to create complex passwords, and update them regularly.
How can they hack back accounts like this? You need to answer a bazillion security questions.
mell saysHow can they hack back accounts like this? You need to answer a bazillion security questions.
It's not always easy. But, those security questions aren't always high quality either. In fact, many of them are easy to guess after a bit of research and process of elimination. Some websites don't give many choices, and force you to pick 3 questions, ensuring at least 1 of them will be some public knowledge question like "what city were you born in?".
I want to start lying on those questions (eg, say I was born in Nigeria), but it's a book keeping nightmare because there's many different questions, and keeping my lies straight is challenging.
One of the things I've been thinking about these "security questions" is that they make us less safe sometimes. Their public knowledge nature, and the fact that questions tend to be reused on many sites makes them function like a weak password. If you can recover your account via answering those questions, then the answers to the questions are functionally very similar to a username and password.
But, people tend to tell the truth on those questions, and they tend to use the same answer on all sites.
From what I've seen, coders don't usually treat them like passwords, and so the answers get stored in the site's database using plain text, opposed to how passwords are usually stored in hashed form (so theres no way to decrypt it even if stolen). If a hacker hacks "marthas-basketweaving.com", obtaining all accounts and their secret question answer, they have a chance of those secret question answers working on other sites. Or, like mentioned above, an employee writes info d...
Who's your favorite childhood friend should not be "Nick" but "NickTheDick" or so.
How is your email secured besides password?
A strong password can be stolen 100% remotely. The password doesn't change, and so it can be reused minutes or days later.
To break 2FA you usually need either physical device access (which rules out most of the world)
How can they hack bank accounts like this?
patrick.net
An Antidote to Corporate Media
1,191,925 comments by 13,863 users - AD, askmeaboutthesaltporkcure, steverbeaver online now