Do you have adblock enabled?
 
If you can read this, either the style sheet didn't load or you have an older browser that doesn't support style sheets. Try clearing your browser cache and refreshing the page.

(NYPost)   Americans are sick and tired of passwords and security questions   ( nypost.com) divider line
    More: Murica, Banking, E-mail, percent, Forty-eight percent, percent regard, security measures, phone security measures, unnecessary security procedures  
•       •       •

2559 clicks; posted to Geek » on 10 Jul 2018 at 3:35 PM (5 days ago)   |   Favorite    |   share:  Share on Twitter share via Email Share on Facebook   more»



109 Comments     (+0 »)
 
View Voting Results: Smartest and Funniest


Oldest | « | 1 | 2 | 3 | » | Newest | Show all

 
5 days ago  
hunter2
 
5 days ago  
I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.
 
5 days ago  
The things don't work. I either answer with information that anyone could get easily, or I make stuff up and forget.

If you want two factors, spend the tiny amount of money and do it correctly.
 
5 days ago  
CorrectHorseBatteryStaple

Error - Password must be between 8 and 16 characters!
 
5 days ago  
That's okay, soon it'll be your retina and/or DNA. Can't lose that...right?
 
5 days ago  
Interestingly, 46 percent even consider airport security to be an inconvenience and 38 percent regard mobile phone PINs as somewhat of a hassle.

Uh, you can change that, at least on Android.
 
5 days ago  

Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.


"To ensure your privacy and security, we're going to pull your credit report and rummage through your old love letters from high school."
 
5 days ago  
"Almost half (47 percent) are sick ...Over six in 10 (64 percent) are riled ...and seven in 10 (71 percent) are frustrated by captcha codes, as they tend to feature illegible words."

Well I want to know what % doesn't understand fractions and what fraction doesn't understand %.
 
5 days ago  
If passwords and security questions are too difficult for you, you shouldn't be using a computer.
 
5 days ago  

IbiEvacua: That's okay, soon it'll be your retina and/or DNA. Can't lose that...right?


bio-metrics should only be the username not the password.
 
5 days ago  

jaytkay: If passwords and security questions are too difficult for you, you shouldn't be using a computer.


This.
 
5 days ago  

Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.


Even worse is when you know the answer, but may not know the exact phrasing you used at the time.
"Who was your least favorite teacher?"

I know who it is, but I can't remember if I put in Asshole, Putrid Asshole, Mrs. Asshole, Mrs. Putrid Asshole.... etc.
 
5 days ago  
The answers to security questions are a bunch of random letters, digits, and symbols and go into the password managers along with all my other passwords.
 
5 days ago  

Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.


That used to bother me. Questions like "what's your favorite restaurant?" are dumb to me. Why would I have one single favorite restaurant (or singer or color, etc.)?

Then one day I was grumbling about that to a customer service phone rep, and she said, "Just type in 'jazz' for your favorite color."

"Huh? Wat?"

"Type in a ridiculous choice like 'jazz' for your favorite color and I guarantee you will always remember that answer."

Great tip, I am grateful to this day.
 
5 days ago  

Russ1642: The answers to security questions are a bunch of random letters, digits, and symbols and go into the password managers along with all my other passwords.


Which makes them worthless for their stated purpose of two factor authentication
 
5 days ago  
Not as sick as we are of websites with freaking popups.
 
5 days ago  
My voice is my password..
 
5 days ago  

ThatBillmanGuy: CorrectHorseBatteryStaple

Error - Password must be between 8 and 16 characters!


and a character from a Coen Brothers Movie

and one of these special characters *%&$ but not these !@#%

also let me use past passwords, I have a couple I cycle thru or need to use due to character restrictions or conditions (must have a Upper case and lower-case crap) but if I need to create a brand new one every time I reset my password, then I am not going to remember it for infrequent websites.

I hate the security questions that I don't have an answer to: Who is your favorite person in history?  I don't know and it will change from day-to-day
 
5 days ago  

Gubbo: Russ1642: The answers to security questions are a bunch of random letters, digits, and symbols and go into the password managers along with all my other passwords.

Which makes them worthless for their stated purpose of two factor authentication


No, it makes them perfect for two factor authentication. It essentially requires two passwords instead of one. Answering security questions properly is a far greater risk, as the answers to many of those questions (e.g., high school mascot) can be independently looked up with relative ease.

IT at the company I work for goes one step dumber. If you need call them for some reason, you have to answer the security questions over the phone. Out loud. In the middle of the entire cube farm. Bleh.
 
5 days ago  

ThatBillmanGuy: CorrectHorseBatteryStaple

Error - Password must be between 8 and 16 characters!


And include no more than four special characters but no less than two.  Not including ?,#, or &.
 
5 days ago  

Sophont: Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.

Even worse is when you know the answer, but may not know the exact phrasing you used at the time.
"Who was your least favorite teacher?"

I know who it is, but I can't remember if I put in Asshole, Putrid Asshole, Mrs. Asshole, Mrs. Putrid Asshole.... etc.


LOL!  I have actually had such a dilemma with those.
 
5 days ago  

jaytkay: Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.

That used to bother me. Questions like "what's your favorite restaurant?" are dumb to me. Why would I have one single favorite restaurant (or singer or color, etc.)?

Then one day I was grumbling about that to a customer service phone rep, and she said, "Just type in 'jazz' for your favorite color."

"Huh? Wat?"

"Type in a ridiculous choice like 'jazz' for your favorite color and I guarantee you will always remember that answer."

Great tip, I am grateful to this day.


I tried that a long time ago. When it came up, I couldn't remember my favorite food, but was pretty sure it was something witty.  After trying every joke I could think of, and most of my actual favorite foods, plural, singular, spelt slightly wrong, capitalised, lowercase, whatever, I gave up.  Months later I found a Post-It note with the password and security question answer.

Turns out my favorite food is "Love"
WTF?!?
 
5 days ago  
It's gotten beyond serious bullshiat. Two-step authorization and authentication keys are the way to go.
 
5 days ago  

jaytkay: Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.

That used to bother me. Questions like "what's your favorite restaurant?" are dumb to me. Why would I have one single favorite restaurant (or singer or color, etc.)?

Then one day I was grumbling about that to a customer service phone rep, and she said, "Just type in 'jazz' for your favorite color."

"Huh? Wat?"

"Type in a ridiculous choice like 'jazz' for your favorite color and I guarantee you will always remember that answer."

Great tip, I am grateful to this day.


Well now that I know that your favrite color is "Jazz", I'm going to break into your account.
 
5 days ago  

Voodoo_Stu: jaytkay: Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.

That used to bother me. Questions like "what's your favorite restaurant?" are dumb to me. Why would I have one single favorite restaurant (or singer or color, etc.)?

Then one day I was grumbling about that to a customer service phone rep, and she said, "Just type in 'jazz' for your favorite color."

"Huh? Wat?"

"Type in a ridiculous choice like 'jazz' for your favorite color and I guarantee you will always remember that answer."

Great tip, I am grateful to this day.

I tried that a long time ago. When it came up, I couldn't remember my favorite food, but was pretty sure it was something witty.  After trying every joke I could think of, and most of my actual favorite foods, plural, singular, spelt slightly wrong, capitalised, lowercase, whatever, I gave up.  Months later I found a Post-It note with the password and security question answer.

Turns out my favorite food is "Love"
WTF?!?


img.fark.netView Full Size
 
5 days ago  

Voodoo_Stu: jaytkay: Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.

That used to bother me. Questions like "what's your favorite restaurant?" are dumb to me. Why would I have one single favorite restaurant (or singer or color, etc.)?

Then one day I was grumbling about that to a customer service phone rep, and she said, "Just type in 'jazz' for your favorite color."

"Huh? Wat?"

"Type in a ridiculous choice like 'jazz' for your favorite color and I guarantee you will always remember that answer."

Great tip, I am grateful to this day.

I tried that a long time ago. When it came up, I couldn't remember my favorite food, but was pretty sure it was something witty.  After trying every joke I could think of, and most of my actual favorite foods, plural, singular, spelt slightly wrong, capitalised, lowercase, whatever, I gave up.  Months later I found a Post-It note with the password and security question answer.

Turns out my favorite food is "Love"
WTF?!?


frinkiac.comView Full Size
 
5 days ago  
The password is...

img.fark.netView Full Size
 
5 days ago  

Creepy Lurker Guy: jaytkay: Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.

That used to bother me. Questions like "what's your favorite restaurant?" are dumb to me. Why would I have one single favorite restaurant (or singer or color, etc.)?

Then one day I was grumbling about that to a customer service phone rep, and she said, "Just type in 'jazz' for your favorite color."

"Huh? Wat?"

"Type in a ridiculous choice like 'jazz' for your favorite color and I guarantee you will always remember that answer."

Great tip, I am grateful to this day.

Well now that I know that your favrite color is "Jazz", I'm going to break into your account.


Isthiseightletters
 
5 days ago  
img.fark.netView Full Size
 
5 days ago  

The Googles Do Nothing: ThatBillmanGuy: CorrectHorseBatteryStaple

Error - Password must be between 8 and 16 characters!

And include no more than four special characters but no less than two.  Not including ?,#, or &.


My passwords these days usually degenerate to profanity after the fourth time the system rejects my selection for not having a Greek mathematical symbol, an Egyptian hieroglyphc and something from the Feanorian cirth.
 
5 days ago  

Sophont: Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.

Even worse is when you know the answer, but may not know the exact phrasing you used at the time.
"Who was your least favorite teacher?"

I know who it is, but I can't remember if I put in Asshole, Putrid Asshole, Mrs. Asshole, Mrs. Putrid Asshole.... etc.


I had to deal with that recently.  My job implemented MFA recently, and mine is set to call the phone in my office.  I was working at a different site the other day, and so needed to log into my MFA account to add the new phone number for the other site.  But since I wasn't at my primary site, I couldn't answer the MFA call to get into my MFA account and had to try and do the security questions.

It was the single most frustrating web experience I've had in years.

There were five security questions, all of which had to be answered at the same time, and if you get one wrong it doesn't tell you which one.  And the thing is, I remember my answers, but I don't remember the case-sensitive specifics of my answers.  I know which is my favorite sports team, for example, but I don't remember if I supplied "cityname teamname" as my answer, or just "teamname".  So I answer the questions, and I get back that one or more of my responses are incorrect.  I went through multiple permutations of my answers for a few minutes until I got a "too many attempts" timeout, after which I ended up calling a coworker at my primary site to have them go to my office and answer the MFA call for me.
 
5 days ago  

jaytkay: If passwords and security questions are too difficult for you, you shouldn't be using a computer.


If IT did their jobs we wouldn't need passwords.
 
5 days ago  
I handle the occasional password reset for my help desk, and it still stuns me how many companies and people have zero concept of information security. Also basic computer skills.

"I can't log into your website. My username is BlahBlah and my password is hunter2."

"Oh, Suzie usually does the invoices, but she left the company and she's the only one who knew the password to the website." Of course indicating that wherever Suzie went, she still has access  to all of your company's financials...
 
5 days ago  

do not take me seriously: Sophont: Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.

Even worse is when you know the answer, but may not know the exact phrasing you used at the time.
"Who was your least favorite teacher?"

I know who it is, but I can't remember if I put in Asshole, Putrid Asshole, Mrs. Asshole, Mrs. Putrid Asshole.... etc.

I had to deal with that recently.  My job implemented MFA recently, and mine is set to call the phone in my office.  I was working at a different site the other day, and so needed to log into my MFA account to add the new phone number for the other site.  But since I wasn't at my primary site, I couldn't answer the MFA call to get into my MFA account and had to try and do the security questions.

It was the single most frustrating web experience I've had in years.

There were five security questions, all of which had to be answered at the same time, and if you get one wrong it doesn't tell you which one.  And the thing is, I remember my answers, but I don't remember the case-sensitive specifics of my answers.  I know which is my favorite sports team, for example, but I don't remember if I supplied "cityname teamname" as my answer, or just "teamname".  So I answer the questions, and I get back that one or more of my responses are incorrect.  I went through multiple permutations of my answers for a few minutes until I got a "too many attempts" timeout, after which I ended up calling a coworker at my primary site to have them go to my office and answer the MFA call for me.


I had to pick answers this weekend and had the choice between:
Father's middle name
Mother's maiden name
High school name
City I was born in
Favorite teacher

Most people I know have at least four of those visible on facebook.
 
5 days ago  
One way of dealing with security questions is that the answer to the security question is always the following:

What was the name of your first pet?
P123
What is your favorite food?
F123

etc.
It does make it a bit easier.
 
5 days ago  
img.fark.netView Full Size
 
5 days ago  

KingBiefWhistle: Voodoo_Stu: jaytkay: Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.

That used to bother me. Questions like "what's your favorite restaurant?" are dumb to me. Why would I have one single favorite restaurant (or singer or color, etc.)?

Then one day I was grumbling about that to a customer service phone rep, and she said, "Just type in 'jazz' for your favorite color."

"Huh? Wat?"

"Type in a ridiculous choice like 'jazz' for your favorite color and I guarantee you will always remember that answer."

Great tip, I am grateful to this day.

I tried that a long time ago. When it came up, I couldn't remember my favorite food, but was pretty sure it was something witty.  After trying every joke I could think of, and most of my actual favorite foods, plural, singular, spelt slightly wrong, capitalised, lowercase, whatever, I gave up.  Months later I found a Post-It note with the password and security question answer.

Turns out my favorite food is "Love"
WTF?!?

[img.fark.net image 850x470]


That's a bold choice.
img.fark.netView Full Size
 
5 days ago  
Count me in. I can make the argument for what we do but it's a complete waste of time when your bank/credit company/employer is just going to lose your data in a big hack. The little guy is not the problem.
 
5 days ago  
1) Security is hard. Suck it up, buttercup. (And even with fancy password hashing and encrypting the tubez and whatnot, the easiest way to break in is STILL social engineering.)

2) What's more annoying than remembering which letters I subbed out for numbers is when I call the help line, and they ask me for my information...which I then have to repeat for the human CS agent. Either use that info from the automated system or stop asking for it.

3) Captcha is great at making letters illegible, and little else.

4) Biometric gives a false sense of security. Presumably, your fingerprint (or whatever) is stored somewhere to check access attempts against, and your fingerprint is almost as valuable as your bank account - or at least as much, if they can use it to access your account - so maybe just remember the letters/numbers.

// that XKCD comic should be posted on every account creation page
// I also like it when they tell you how complex your password is (rather than forcing the "1+ upper, 1+ lower, 1+ symbol, 1+ digit, 1+ hieroglyph, 1+ drop of virgin blood, 1+ un-type-able character, +1 Berzerker Mace..." rules)
 
5 days ago  

jaytkay: Diogenes: I'm only bothered when they pick the security question they want to ask and I don't know the answer.  It's inconvenient and creepy.

That used to bother me. Questions like "what's your favorite restaurant?" are dumb to me. Why would I have one single favorite restaurant (or singer or color, etc.)?

Then one day I was grumbling about that to a customer service phone rep, and she said, "Just type in 'jazz' for your favorite color."

"Huh? Wat?"

"Type in a ridiculous choice like 'jazz' for your favorite color and I guarantee you will always remember that answer."

Great tip, I am grateful to this day.


I tried that kind of thing for some website I had signed up for to order something or other. I put something completely unrelated to the question for the answer. A year or so later I go to sign in to the site again to order something, and forget the password and then realized I don't remember what farked up answer I gave to "What was your first car".

That kind of answer might work for a site you visit regularly, but is kinda shiat for places you'll almost never use it.
 
5 days ago  

Gubbo: Russ1642: The answers to security questions are a bunch of random letters, digits, and symbols and go into the password managers along with all my other passwords.

Which makes them worthless for their stated purpose of two factor authentication


They are worthless for two factor authentication. Two factor authentication is supposed to be something you know (a password) and something you have (a key generator). At no point is a minor piece of personal trivia ever a valid security feature.
 
5 days ago  

Bslim: My voice is my password..


One of my financial institutions actually does that.
 
5 days ago  
I like physical keys.
 
5 days ago  

edmo: Count me in. I can make the argument for what we do but it's a complete waste of time when your bank/credit company/employer is just going to lose your data in a big hack. The little guy is not the problem.


Came to say this.

I have to deal with complex password rules and required periodic changes to get to my stuff, but meanwhile, Russia, China, the GOP, and various other criminal enterprises are stealing, buying, and selling my info at will all the time.

Also, do I really care if somebody "hacks" my email account? I don't put sensitive information there, so the worst they could do is prank email the White House telling them I have the Pee-Pee Tape and asking Trump for $5 to cover the cost of shipping.
 
5 days ago  

UsikFark: jaytkay: If passwords and security questions are too difficult for you, you shouldn't be using a computer.

If IT did their jobs we wouldn't need passwords.


How would you like passwords eliminated? Say for online banking.
 
5 days ago  

Russ1642: They are worthless for two factor authentication. Two factor authentication is supposed to be something you know (a password) and something you have (a key generator).


LOL no. Two factor identification with a physical key is one kind. It's not the sole example.
 
5 days ago  
I had a password that had 4 quintillion years or being guessed by our best computers.

That wasn't enough. Google and Verizon wanted more.
 
5 days ago  

UsikFark: jaytkay: If passwords and security questions are too difficult for you, you shouldn't be using a computer.

If IT did their jobs we wouldn't need passwords.


lolwut? Oh explain this one to me. I need a good laugh today. Please tell me how we can protect stupid users from themselves?
 
5 days ago  

ThatBillmanGuy: CorrectHorseBatteryStaple

Error - Password must be between 8 and 16 characters!


Rules like these are kinda funny.  A website shouldn't need password rules anymore.  The PW should be hashed, so its content doesn't matter.  The PW length shouldn't matter as storage space on a DB server, especially for your users table, is stupid cheap.  If a site still has rules like these they likely use plain text passwords or even store them.  Not a guarantee, some sites could just be doing it for the sake of it.
 
5 days ago  
What I don't understand is why my local water company makes me do one of those captchas where you have to keep clicking on squares that have cars or storefronts or whatever. Once you get into the account, you can literally do nothing but pay the bill. You can't make any changes to the account, you can't access past records, you can't access a stored method of payment. Really and truly, ALL you can do is pay the damn bill.

If someone wants to log in to my water company account and pay my bill for me, they're more than welcome to do so.
 
Displayed 50 of 109 comments


Oldest | « | 1 | 2 | 3 | » | Newest | Show all


View Voting Results: Smartest and Funniest

This thread is closed to new comments.

Continue Farking

On Twitter





Top Commented
Javascript is required to view headlines in widget.
  1. Links are submitted by members of the Fark community.

  2. When community members submit a link, they also write a custom headline for the story.

  3. Other Farkers comment on the links. This is the number of comments. Click here to read them.

  4. Click here to submit a link.

Report