
Except OP just admitted to using this scheme on a public forum, so they are now essentially compromised.

It's security through obscurity, with a bonus that the people who use this technique can't seem to keep quiet about it so it's not even obscurity.

Security questions aren't really that secure anyway. A "real" hacker could just pretend to be helping out a friend after a debilitating accident and ask for everything to be reset.

Exactly, or the "crying baby/stressed out parent" example that made the rounds a few years ago. Hackers don't need to monitor every public comment you make, just trick 1 minimum wage call center worker for 5 minutes.

The answer could be: "Don't allow answering anything but this exact sequence of words: " then followed by a string of words.

Perhaps we need a reset contact whom they can call to confirm with a real human.

Like with nearly any topic on HN, an xkcd comic [0] comes to mind.

[0] https://xkcd.com/2176/

