
Yup. You pretty much have to do this. I love signing into my bank's bill payment system. "You appear to know your password and possess your second factor. But what's your favorite book? <all lowercase favorite book> WRONG YOUR FAVORITE BOOK IS ACTUALLY <starts with an uppercase book> NOW YOUR ACCOUNT IS LOCKED."

Even if you're using real answers, you will be locked out of your account if you don't treat them like passwords. Eventually.



Worse yet, real answers are just weaker passwords. Mother's maiden name? Childhood friend? Elementary / high school? For a targeted attack, against most people, this is very insecure in the all-information-online age. Nobody needs to know your 20-character password if they have your social media page.



