Ask Lemmy
A Fediverse community for open-ended, thought provoking questions
Rules: (interactive)
1) Be nice and; have fun
Doxxing, trolling, sealioning, racism, and toxicity are not welcomed in AskLemmy. Remember what your mother said: if you can't say something nice, don't say anything at all. In addition, the site-wide Lemmy.world terms of service also apply here. Please familiarize yourself with them
2) All posts must end with a '?'
This is sort of like Jeopardy. Please phrase all post titles in the form of a proper question ending with ?
3) No spam
Please do not flood the community with nonsense. Actual suspected spammers will be banned on site. No astroturfing.
4) NSFW is okay, within reason
Just remember to tag posts with either a content warning or a [NSFW] tag. Overtly sexual posts are not allowed, please direct them to either !asklemmyafterdark@lemmy.world or !asklemmynsfw@lemmynsfw.com.
NSFW comments should be restricted to posts tagged [NSFW].
5) This is not a support community.
It is not a place for 'how do I?', type questions.
If you have any questions regarding the site itself or would like to report a community, please direct them to Lemmy.world Support or email info@lemmy.world. For other questions check our partnered communities list, or use the search function.
6) No US Politics.
Please don't post about current US Politics. If you need to do this, try !politicaldiscussion@lemmy.world or !askusa@discuss.online
Reminder: The terms of service apply here too.
Partnered Communities:
Logo design credit goes to: tubbadu
view the rest of the comments
I always thought these "ask" communities were a great vector to extract PII.
all you'd need to do is link users to leaked identities and probably get access to accounts quickly.
this is why I make up the wrong answers to any of those questions.
I swear to God any account system that uses security questions is brain dead.
For one, a third party can get access to that information with relative ease in many cases but furthermore, some of the security questions are subjective. If a security question asks me during account creation what my favorite restaurant is, what my favorite food is. That answer might literally change, I might not be able to remember the head space I was in when I made the account.
Yes yes let's protect your password with three shittier passwords for no good reason.
completely agree.
on the other side though, some.of the questions are things that are easily found. things like, "what street did you grow up on" or "what is your mothers maiden name". like...that shit can be found for free, like right now on the internet at about 200 data brokers.
how about we get an option for hardware keys? or better yet, pgp/rsa keys?
factor those in with password and MFA there should never be a reason why someone (who knows wtf they're doing) would ever get locked out of their accounts.
I just had to recover my PSN account from a decade ago and I did this with my mother's maiden name apparently
luckily I managed to remember the false birth date I had also used