

How I accidentally got into someone else’s gmail account - warambil
http://warambil.wordpress.com/2012/07/19/how-i-accidentally-got-into-someone-elses-gmail-account/

======
electrograv
It still makes absolutely no sense to me why security questions are used.
They're effectively a second alternative password to access your account -- a
"password" that's really really easy to guess (especially if you know who the
account belongs to).

You might as well just replace "username and password" with "enter your
username and what's your favorite food?" or "enter your username and where'd
you grow up as a child?"

Pretty secure, huh?

~~~
Xurinos
I agree. I put random garbage in the security question answers, a password so
hard to crack that even I never remember it. ;) In other words, I opt out
whenever I get the chance.

~~~
larrik
Some sites use those as surprise 2-step verification. Your method would be
very painful in that case!

~~~
Xurinos
It is. :( I have few accounts on the net, so I have rarely run into this
except on sites I do not care much about. However, I understand others differ
in habit. It is hard enough to remember one password per account.

~~~
frou_dh
I just use random gibberish for all passwords and security answers and store
all of that in a password database with a notes field.

The classic security questions are bizarre because of the premise that any
person (family or otherwise) who happens to know a bit about you has your
complete trust.

~~~
larrik
Sounds like a valuable database...

------
Feoh
Wow, the author of this article should be the poster child for why Google's 2
factor should be de rigueur for anyone who actually cares about the contents of
their email.

------
motoford
This guy remembered so little that I wonder if it really was his account to
start with and he just couldn't remember receiving all those previous emails
he found.

