Post AcLOu2bH3mpsnTdXjU by captainslim@infosec.exchange
 (DIR) Post #AcLOu0VWqB3GJ4vvV2 by chetwisniewski@securitycafe.ca
       2023-11-29T03:09:54Z
       
       1 likes, 0 repeats
       
       Great! TransUnion, whom I have the pleasure of receiving free credit monitoring from due to the MGM Casino breach in Sept, has a policy of only allowing 15 characters or less. Not like anything important is on the line or anything. Oh, they get bonus points for letting me skip the password with a trivial security question! #InfoSec #NotAFeature @boblord @thorsheim
       
 (DIR) Post #AcLOu1dMeWuhnfbhLs by thorsheim@mastodon.social
       2023-11-29T23:08:21Z
       
       0 likes, 0 repeats
       
       @chetwisniewski @boblord
       1) do not use security questions. :)
       2) if you use a pwd.manager, use that to generate & remember random pwds as answers to security questions
       3) if a service provider uses security questions, tell them to stop using them.
       4) Recommending them a little bit of MFA, in particular WebAuthn/passkeys, is a good idea.
       5) Tell them using security questions is close to negligence, if not gross negligence, of recommended practices & standards today.
       
 (DIR) Post #AcLOu2bH3mpsnTdXjU by captainslim@infosec.exchange
       2023-11-30T02:31:59Z
       
       0 likes, 1 repeats
       
       @thorsheim @chetwisniewski @boblord United Airlines makes you choose from a list of allowed answers for their security questions.