Post AnIrRZ1ykmcfQ2wWkC by TheLancashireman@hostux.social
(DIR) More posts by TheLancashireman@hostux.social
(DIR) Post #AnITqqDJbisF3BlX7o by foone@digipres.club
2024-10-23T11:54:36Z
2 likes, 2 repeats
Bad idea: a character who cannot use any common password reminder questions.* they have never had a pet* no mother's maiden name, no mother: they have two fathers, neither of who changed their name.* they were homeschooled, so no high-schools and first grade teachers (arguable)* they've never been on vacation* they are not into music, so they have no favorite band.* they haven't dated anyone* they're colorblind so no favorite color* they didn't go to college* they don't drive
(DIR) Post #AnIU2EjemEEkHwKKYK by shtrom@piaille.fr
2024-10-23T11:56:17Z
0 likes, 0 repeats
@foone unhackable!
(DIR) Post #AnIU3tuXAn8eHVCyJ6 by rohini@mastodon.social
2024-10-23T11:56:23Z
0 likes, 0 repeats
@foone That's a hard life.
(DIR) Post #AnIUHDu49XYi3FLGFs by foone@digipres.club
2024-10-23T11:59:22Z
1 likes, 0 repeats
* they were born, at home, in some unincorporated rural area. So no birth city or hospital name.* for reasons unclear to them, their fathers do not like sharing any biographical information about themselves. So no "father's birth year" sorts of questions (also: which father?)* they've not met their extended relatives. No grandma's name or oldest cousin.* they don't really watch movies or TV: they have no favorite actors.* (does anyone ask favorite author? Or is that too error prone)
(DIR) Post #AnIUKMdq7XRe1OFYXI by Newmy@writing.exchange
2024-10-23T11:59:51Z
0 likes, 0 repeats
@foone Born on an airplane therefore not any particular city, spent childhood on the road therefore no street name to recall
(DIR) Post #AnIUWupmopH7Xjp5Ae by guyjantic@c.im
2024-10-23T12:02:12Z
0 likes, 0 repeats
@foone These potentially fucked-up characters sound potentially fascinating.
(DIR) Post #AnIUeyr9kTSiKmJEiu by hub@cosocial.ca
2024-10-23T12:03:38Z
0 likes, 0 repeats
@foone * they lived in the woods, so no street where they grew up
(DIR) Post #AnIV0lenVJJhlfuwWe by foone@digipres.club
2024-10-23T12:07:36Z
1 likes, 0 repeats
* they have never had a stuffed toy (awww)* they are an only child, so they can't be asked about oldest sibling (or worse: youngest)* they've had no children, because sometimes that one comes up* they're a radical work abolitionist so they don't have a "dream job", you brainwashed capitalist scum. * they're lactose intolerant and do not have a favorite flavor of ice cream
(DIR) Post #AnIV5eqIGfYA54cu0m by foone@digipres.club
2024-10-23T12:08:18Z
1 likes, 0 repeats
* their childhood home didn't not have a landmine, so no childhood number to ask about. Honestly that one isn't that weird, if they're young... Yeah it might not!
(DIR) Post #AnIVAGaZrwumJ9TODo by foone@digipres.club
2024-10-23T12:09:19Z
0 likes, 0 repeats
* can kill Macbeth (not a man of woman born)
(DIR) Post #AnIVJJZa90SGAWK13Y by ozzelot@mstdn.social
2024-10-23T12:10:56Z
0 likes, 0 repeats
@foone landmine
(DIR) Post #AnIVW06NqdijXriJJA by bloognoo@retro.pizza
2024-10-23T12:13:10Z
0 likes, 0 repeats
@foone@woolworrier thinks they'd need to be born into a doomsday cult and hence would never need a password. I think it would be kind to give them the xbox controller back and let them mash buttons with their face in leiu of a password, which is already supported.
(DIR) Post #AnIVbClICrlqFzKWmG by jmi@glasgow.social
2024-10-23T12:13:26Z
0 likes, 0 repeats
@foone I always get Macbeth and the Witch King of Angmar confused
(DIR) Post #AnIVf1rseQrTd3EdRw by yvan@toot.ale.gd
2024-10-23T12:14:51Z
0 likes, 0 repeats
@foone the serial number of my childhood landmine is my preferred "secret question" answer.
(DIR) Post #AnIVl3DOYWhXXnAaGm by Kassil@dice.camp
2024-10-23T12:15:56Z
0 likes, 0 repeats
@foone ... I sure hope it didn't have a landmine.
(DIR) Post #AnIVmK4FNtKA6IUtTk by eal@post.ebin.club
2024-10-23T12:02:35.239342Z
1 likes, 0 repeats
@evamik @foone >whybecause they're not using a password manager and need to remember (or at least be able to replicate) what they answered
(DIR) Post #AnIWi6aLfXMd5946oy by suetanvil@freeradical.zone
2024-10-23T12:26:34Z
0 likes, 0 repeats
@foone The devil's in the details, of course, but that sounds like a really sad childhood.
(DIR) Post #AnIXMORWh4Zi3A9Ksa by lpwaterhouse@ioc.exchange
2024-10-23T12:33:54Z
0 likes, 0 repeats
@foone So, they randomly end up recognizing "Security Question" is just marketing-speak for "second password" and use a properly generated random one as "answer" like everyone *should*?
(DIR) Post #AnIXbqzKqSqUvRKra4 by dimin@mastodon.social
2024-10-23T12:36:35Z
0 likes, 0 repeats
@foone I never understood why you can't let users input their own security questions? Surely this would be more secure than some easy to find/social engineer out information?
(DIR) Post #AnIXeyGMFs8iM7mgPQ by Argonel@dice.camp
2024-10-23T12:37:05Z
0 likes, 0 repeats
@foone in related concerns everyone advises that you not repeat passwords, does anyone advise not repeating mothers maiden names? Also does anyone hash and salt password reset questions or are they a much softer target than people's passwords?
(DIR) Post #AnIXp6ANiyVPlRomHY by foone@digipres.club
2024-10-23T12:38:57Z
0 likes, 0 repeats
@eibhear hello, asexual at your service!
(DIR) Post #AnIY9nDbMsPx4yBxvU by foone@digipres.club
2024-10-23T12:42:51Z
0 likes, 0 repeats
@ozzelot whoopty fuck
(DIR) Post #AnIYNQlrciuNVvil96 by foone@digipres.club
2024-10-23T12:45:18Z
0 likes, 0 repeats
@jmi one definitely was written in response to the other.That's not even the only Macbeth reference in LOTR! "Till Birnam wood remove to Dunsinane". Shakespeare's answer: an army cuts down the forest and uses it for camouflage. Tolkien's answer: THE ENTS: TREE-MEN THAT WALK!
(DIR) Post #AnIYd5WAPUIsEQqQzI by foone@digipres.club
2024-10-23T12:48:00Z
0 likes, 0 repeats
@trysdyn this hypothetical person is suspiciously similar to me in several ways too. Maybe that's why I was thinking about it.
(DIR) Post #AnIYueKoDPHb8YuEyW by Krazov@mstdn.social
2024-10-23T12:51:09Z
0 likes, 0 repeats
@foone, but that's even better: this prevents them from using googleable or otherwise retrievable information. Instead, they can choose something obvious for them but not making any sense otherwise. OpSec 11/10
(DIR) Post #AnIZNnITyK6rKciOiu by oddhack@mstdn.social
2024-10-23T12:56:33Z
0 likes, 0 repeats
@foone Bad idea: treating password reminder questions as anything other than a weird prompt for a strong second password having nothing to do with the words in the question.
(DIR) Post #AnIaGAddPF1DMPXOCm by ducklingsmith@retro.pizza
2024-10-23T13:06:20Z
0 likes, 0 repeats
@foone I read across two posts and was like "oh yeah, that makes sense, a landmine wouldn't be of woman born, you could totally take Macbeth out with a landmine"
(DIR) Post #AnIaMYRxmsykwt7ezY by hj@shigusegubu.club
2024-10-23T13:07:54.007162Z
0 likes, 0 repeats
@evamik @foone i just keysmash to make those worthless
(DIR) Post #AnIaVKQhHhCY4UiKXo by curtmack@floss.social
2024-10-23T13:09:01Z
0 likes, 0 repeats
@foone Fun (or not-so-fun) fact: this is true for my mom's biological father. I won't give the full story here (it's not *bad* bad, just... mildly bad), but suffice to say, if he's even still alive, he's unlikely to ever come forward. It's always fun to explain that to doctors when they ask for my family history.
(DIR) Post #AnIbyfivIDdUSvnLfs by Zotmeister@mastodon.online
2024-10-23T13:25:38Z
0 likes, 0 repeats
@foone Just wanted to confirm that "favorite author" IS a security question I've seen in the wild and is in fact one in active use for me on at least one site.
(DIR) Post #AnIc9pX99xOG4nbiOO by Scmbradley@mathstodon.xyz
2024-10-23T13:27:34Z
0 likes, 0 repeats
@foone I'm lactose intolerant but I have a favourite flavour of ice cream (Jude's vegan salted caramel).
(DIR) Post #AnIcaqbfHLGBDrbTU0 by lemgandi@mastodon.social
2024-10-23T13:32:29Z
0 likes, 0 repeats
@foone I always answer these questions with nonsense syllables. With the state of data privacy where I live, a truthful answer is a security hole. I use a password manager and it's backed up, so I don't forget passwords.
(DIR) Post #AnIcjOkWDjG7Qnp1rk by cspwal@techhub.social
2024-10-23T13:34:01Z
0 likes, 0 repeats
@foone they also were left at a fire station so don’t know where they were born
(DIR) Post #AnIeXqeYqf8MPIeiXI by Enema_Cowboy@dotnet.social
2024-10-23T13:54:21Z
0 likes, 0 repeats
@foone Hopefully they cannot answer these questions, either.https://www.mcsweeneys.net/articles/nihilistic-password-security-questions
(DIR) Post #AnIgn5w6VbkC3gG7wO by lanodan@queer.hacktivis.me
2024-10-23T14:19:54.043244Z
0 likes, 0 repeats
@foone And pretty sure there's a non-zero amount of people in that situation, in fact I think I once ended up in that situation with a different set of "security" questions, but well I just slap randomly picked words in there (saved encrypted just in case).
(DIR) Post #AnIgtLAgmGML2z3ju4 by lanodan@queer.hacktivis.me
2024-10-23T14:21:01.788269Z
1 likes, 0 repeats
@hj @foone @evamik I would do this but I'm pretty sure there's some company from hell that's going to be like: Oh you want to change the password? Fill the "security" question.
(DIR) Post #AnIhwRwQACf2rmQqdk by thatbrickster@shitposter.world
2024-10-23T14:32:54.388510Z
0 likes, 1 repeats
@foone Good idea: Lie so people trying to gain unauthorised access don't find out true things about you.
(DIR) Post #AnIiKuLKDbMXu1k8vo by mikeash@mastodon.sdf.org
2024-10-23T14:36:27Z
0 likes, 0 repeats
@foone That’s not what they mean when they say you need a special character.
(DIR) Post #AnImNmIH08ptcjwKbw by vonMausUndKevin@ruhrpott.social
2024-10-23T15:22:08Z
0 likes, 0 repeats
@foone "Landmine" Hope so! If they didn't have ANY of this.....
(DIR) Post #AnIq5RpwijKsmYCmSu by Cadbury_Moose@wandering.shop
2024-10-23T16:00:34Z
0 likes, 0 repeats
@foone It was much more fun with the autocarrot substitution though.3:O)>
(DIR) Post #AnIqEkDxj4nOPps5rs by TheLancashireman@hostux.social
2024-10-23T16:02:48Z
0 likes, 0 repeats
@lanodan @foone @hj @evamik Exactly the point. You mash the keyboard when setting it up and get something like bjuhsfip[Just make sure that you record it safely so you can spell it for the security bot when they ask.
(DIR) Post #AnIqElfeLcXMtzpifA by lanodan@queer.hacktivis.me
2024-10-23T16:05:43.338341Z
0 likes, 0 repeats
@TheLancashireman @foone @hj @evamik I never mash the keyboard, head -c 16 /dev/urandom | base64
(DIR) Post #AnIqGN4ukkZRD1PnHs by TheLancashireman@hostux.social
2024-10-23T16:05:40Z
0 likes, 0 repeats
@foone @jmi OGodOGodOGod memories of studying Macbeth for the 3rd time at school ...When I first saw the word I read it as Dun-insane 🤣
(DIR) Post #AnIqMkyCpwV72tK1oG by nyanide@lab.nyanide.com
2024-10-23T16:07:17.899412Z
0 likes, 1 repeats
@lanodan @foone @TheLancashireman @hj @evamik ganoo specific flag for head
(DIR) Post #AnIr4fLN7IOcKz5xpI by growf@mastodon.org.uk
2024-10-23T16:14:33Z
0 likes, 0 repeats
@fooneI'm pretty close to being "the guy who couldn't set security questions".I don't drive, I barely travel at all, I've never had a pet, I'm single, and, critically, I don't have favourites.I really don't. I have a bunch of things in any given category that I like but I don't maintain a consistent ranking of them.Security question are shit, though. In so many businesses they just act as a much weaker password alternative.
(DIR) Post #AnIrRZ1ykmcfQ2wWkC by TheLancashireman@hostux.social
2024-10-23T16:10:04Z
0 likes, 0 repeats
@lanodan @foone @hj @evamik There are many ways to skin a cat.Tip: if you mash the keyboard, be sure to flip some of the letters to uppercase ...
(DIR) Post #AnIrRaOLh66vdiPuFc by lanodan@queer.hacktivis.me
2024-10-23T16:19:10.905910Z
0 likes, 0 repeats
@TheLancashireman @foone @hj @evamik True, just that this one is really good even for passwords (128 bits of entropy), which "security" questions effectively are.At least here only reason I'd use something else is for ones where I'd need to remember or horrors like smartphones where common words are better, then something like diceword it is.
(DIR) Post #AnJ0lpmj4UeAlAY676 by Variaxocellus@mastorol.es
2024-10-23T18:03:22Z
0 likes, 0 repeats
@foone Fun loosely related fact: my work has this type of questions set up for password recovery. They're clearly designed for Americans. I'm not American so I made up most of the answers. The only ones I remember are the ones with dates as answers, which are only three of the eight or so questions. Unlucky for me, you get three questions at random that you need to answer correctly. Lucky for me, if you refresh the recovery form it picks three new questions. So I keep hitting refresh until I get the three questions that I know what to respond to. Yay safety?
(DIR) Post #AnJ4Wo0HoNrkhxysa0 by WellsiteGeo@masto.ai
2024-10-23T18:45:31Z
0 likes, 0 repeats
@foone Not sure that the (common) forms of colourblindness leave you unreceptive to all colours, rather unable to distinguish (various) colour-pairs.
(DIR) Post #AnJ4hVFnrZDlk5L8JU by wolf480pl@mstdn.io
2024-10-23T18:47:28Z
0 likes, 0 repeats
@foone half of those questions could be more easily taken care of by the person being an orphan who never knew their parentsIf you combine that with being homeschooled, never being on vacation, and no stuffed toys, it starts sounding like Johan Liebert...
(DIR) Post #AnJ4ozE4pFXaj66J2e by lfourrier@tooter.social
2024-10-23T18:48:49Z
0 likes, 0 repeats
@foone worst idea : password reminder question in a fixed list of questions. It can only be somewhat secure if one can freely choose the question ( and the answer, obviously)
(DIR) Post #AnJ6cboWFIQyY2N7a4 by katzenberger@mastodon.de
2024-10-23T19:08:55Z
0 likes, 0 repeats
@foone My valid answer to all of these questions is:asdgfjhargjnbawövjhqnoüvvnvnv oSAKJVOWÜVSKONvüoawghveiewuwq0ßgajo0rguq0rgu0qŕguqrg
(DIR) Post #AnJOFlv0JEw0OwfJM8 by negative12dollarbill@techhub.social
2024-10-23T22:26:31Z
0 likes, 0 repeats
@foone The street they lived on was called 'password street'
(DIR) Post #AnLRF0qQ196gaBlnfM by jackemled@furry.engineer
2024-10-24T22:09:05Z
0 likes, 0 repeats
@foone The one about the favorite book or author is the only secure security question. Favorites change, or some people are too embarrassed by their favorite book so they lie about what it is to everyone.
(DIR) Post #AnLfPoDgh8klyIhDqi by foone@digipres.club
2024-10-25T00:47:54Z
0 likes, 0 repeats
@jackemled yeah I once had to go through a "forgot your password" that was nearly a decade old, that I'd made when I was 17. It was very hard to figure it out, and the bank teller had to give me WAYYY too many hints to get it
(DIR) Post #AnMrp6qxwiczbsrJ9k by qole@techhub.social
2024-10-25T14:41:59Z
0 likes, 0 repeats
@foone this is great for answering security questions, because attackers can't research the answers, which this poor person (no stuffies! no childhood phone number to memorize!) can just make up the answers to...