
Just today we received an email with a password reset request from a person who:

could not log in to the customer portal because he lost/forgot the password

could not perform the password recovery procedure because his answer to the security question is some nonsense like 'blade-purge-satin-dash'

*shrug_emoji*

As someone who forges security questions, and at the risk of playing No True Scotsman, we keep these answers in the database with our passwords. And yeah, if we lose the database I guess we're screwed, but tbh, after ample backups, the risk of the database being leaked is way higher than the risk of losing it despite replication.


Sometimes these questions are just asinine.

I ran into one once that had a 6 character minimum length for the answer.


Just checked: 'Your favourite computer game?'.

> I ran into one once that had a 6 character minimum length for the answer

This is a problem too, but at least it works if you manage to talk to a living person - even if you don't remember exactly how you wrote something, you can prove you know the answer to the security question. With 'cp359-qreor-534wej' as an answer you have no chance.



