View Single Post
Old 23 May 2017, 07:34 AM   #14
TenFour
Master of the @
 
Join Date: Feb 2017
Location: USA
Posts: 1,683
The thing I find about password reset questions is that you do need them eventually, so fake answers are bound to lock you out too! I've just had to go through all sorts of hoops for an elderly relative that can't remember anything anymore, but thanks to their password questions being decipherable to me (with some research) I was able to break into their accounts and save them from huge medical bills, etc., by being able to pay overdue invoices. A few years ago I had to go through the Google reset process and was just barely able to do it, thanks to having answered questions with real answers. So, this cuts both ways to me: it indicates that it is fairly easy to break into an account once you know a lot about a person, but on the other hand if you make it too hard to get in you will be locked eventually too! The thing is that some questions are pretty common, but how would a hacker know which question is used with which account? In other words, the make and model of my first car could be used on several sites, but even I do not know on which ones it was asked. How could a hacker use that information if they somehow obtained it? I suppose they could if they were targeting me and I was a high-value target, but I strongly suspect I am not (no money) and most of us are not so the effort required would be much higher than the reward.
TenFour is offline   Reply With Quote