10

Fuck you Crapple.

I have to reset my password again just because I can't remember that one security question.

How the fuck am I supposed to know who my favourite primary school teacher is?

Comments
  • 6
    You answer them honestly?
    Why?
  • 3
    Somehow, that doesn't seem like an apple-specific/related problem.
  • 7
    You're not using a password manager in 2020? That's pretty cringe Bro. You know there's [place for a password manager ad, call me at 800-psswd-mngr]
  • 2
    For AppleID security questions? I just rolled my face on the keys for the answers and stored it all in my keepass, like everything else.
  • 4
    @Root Agreed. I always write bullshit in those. For OP's example, I would probably have written: "in my bed".

    @dontPanic *whispers* KeePassXC...
  • 0
    I also have a special relationship with "security" questions. I usually try adding another layer of security by making up a long answer on the spot and adding some unusual characters to add even more entropy :D I'm still reluctant to use the pw manager, as it's an outsourced single point of failure that I could lose control over. So I am constantly trying to come up with a better system for generating and remembering these things in my head. Safest place on earth but unfortunately not super reliable :) Especially as associations may change over time.
  • 3
    @TheCommoner282

    Yeah, that's why I just enter gibberish. Someone trying to social engineer my account will have to guess my pet guinea pig as a child was named liGL*&gbjhkb;jkln'l;jknvyuuhgb.
  • 2
    @bahua
    A kindred spirit. I too name all my pets in high R'Lyehian.
  • 1
    @sweetnothings This.

    Have some system that's unknown to anyone else and easy for you to answer by basing the answer off the question itself.

    Example system: Count the number of vowels. Look for the first vowel, and turn it into a color. Find the last noun in the sentence. Rearrange to answer the question.

    Another example system: start with "qxy", concat the first letter, the last letter of the second word, the length of the longest word, the first letter of the third word, the first punctuation mark, and the number of words.

    Question: Which elementary school did you attend?
    Answer #1: Indigo school number 14.
    Answer #2: qxyWy10s?6

    It sounds difficult to remember, but if it's your only system and you use it every time, it will quickly become automatic.

    Don't get me wrong, it's security through obscurity, but that's totally okay for something like this.
  • 1
    @TheCommoner282
    Never share the system. Ever.

    It's possible to deduce if you have more than one sample and some time on your hands, but that's pretty unlikely. There's also the problem of companies changing the question's wording, but that's also pretty rare.

    Genius: "What town did you grow up in?"
    Me: ".... qxyWn...4d...7"
    Genius: "But quaxy 47 isn't a city!"
    Me: "You're right! But so is my answer 😁 Check!"
    Genius: "How do you spell that? I left my ears in the toaster."
    Me: "haha, right you are. q x y ..." smile and nod. smile and nod.

    If they refuse to listen, there's always a manager. Idiots abound, after all.

    Also: if someone with access to even a little bit of personal information wants to creep, they're going to creep. There isn't much you can do, privacy-conscious or not.
  • 1
    @TheCommoner282
    You can't exactly use GPG on security questions. There is no cryptographically secure solution -- and if there is, I want to know about it.

    * Answering truthfully is dangerous because the answers are guessable / determinable.

    * Answering everything with the same answer is dangerous for obvious reasons.

    * Using answers unrelated to the questions that are unique per site/company is dangerous because you are likely to forget them. And remember, you're likely being asked the security question(s) because you just forgot your password.

    * Keeping them in a password manager won't work because sometimes you won't have access to it, and the questions are intended for recovery anyway. If you have your password manager, password recovery is already moot.

    The type of system I described is the best approach I've found to a flawed system. If it isn't good enough, what would you suggest instead?
  • 1
    This is my system.
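
The second example system from the comments above, written out as code (an added example, not something posted in the thread). It assumes words are split on whitespace with edge punctuation stripped; the variant wordings are constructed to show the drift that the reply about companies changing a question's wording refers to.

```python
import string

PREFIX = "qxy"  # fixed prefix taken from the commenter's example


def derive_answer(question: str) -> str:
    """Apply the thread's second example system to a security question."""
    # Assumption: words are whitespace-separated, edge punctuation stripped.
    words = [w.strip(string.punctuation) for w in question.split()]
    words = [w for w in words if w]
    if len(words) < 3:
        raise ValueError("the scheme needs at least three words")
    # First punctuation mark anywhere in the question ("" if there is none).
    punct = next((c for c in question if c in string.punctuation), "")
    return "".join([
        PREFIX,
        words[0][0],                         # first letter of the question
        words[1][-1],                        # last letter of the second word
        str(max(len(w) for w in words)),     # length of the longest word
        words[2][0],                         # first letter of the third word
        punct,                               # first punctuation mark
        str(len(words)),                     # number of words
    ])


def answers_by_wording(variants):
    """Map each wording to its derived answer so drift is visible."""
    return {q: derive_answer(q) for q in variants}


# Constructed wordings of the same question, e.g. after a site redesign.
VARIANTS = [
    "Which elementary school did you attend?",       # wording from the thread
    "What was the name of your elementary school?",  # reworded
    "Which elementary school did you attend",        # question mark dropped
]

if __name__ == "__main__":
    results = answers_by_wording(VARIANTS)
    for question, answer in results.items():
        print(f"{answer:12} <- {question!r}")
    # The answer is a pure function of the public question text: the only
    # secret is the rule itself, and any rewording yields a different answer.
    print("distinct answers:", len(set(results.values())))
```

The first wording reproduces the thread's "Answer #2"; the other two give different strings, so the answer stored at enrollment no longer matches what the rule produces from the new wording.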