06-18-2017, 11:06 PM
(This post was last modified: 06-18-2017, 11:06 PM by danbrotherston.)
(06-18-2017, 10:42 PM)panamaniac Wrote: (06-18-2017, 10:30 PM)danbrotherston Wrote: So, think of the average user, the average user doesn't even know what a password manager is, let alone how to use one. But also, this entirely defeats the purpose of the security questions, the purpose being that in the event you lose your password (for example, if your password manager database is lost), you are able to securely identify yourself another way by knowing this information about yourself independently from your password.
Not that it's a great system anyway, these questions are both guessable and also hard to remember. Security questions should be a relic of the past.
Leading many to use a single password for all purposes. Terrible practice, but what can they do?
Well, accept that people will do this and implement better two-factor auth systems for starters.
We have this discussion with roads: you cannot fix people; our systems should accept that and accommodate our failings instead.
This type of thing would be excusable 10 years ago, but now we have much better options.