undefined | Better HN

0 pointsBrandoElFollito3y ago0 comments

Bitwarden has the same. I just generated wobble-swaddling-reflex-repost

0 comments

One will observe that I said "click button, get fake security answers" and I just tried it with BW Version 2022.5.1 (3283) and there was for sure no such "add security questions" option

I do believe you that it's possible to generate a password using battery-horse-stable but BW places the burden upon the user to create a "security questions" section, fill in the security question prompt, now save the item at this point because fuck the user, and then go to some other section to generate the battery-horse-staple password, copy it to the clipboard, go back into the item, edit it, go back to the section, paste the generated password, and now repeat that for the other 3 fucking required security questions

And people ask me why I pay for 1P ... I'll just link them to this process in the future, because it's a night-and-day difference how much BW hates its users

4111111111111113y ago

I don't even remember the last time I had to input a security question, so personally I wouldn't have wanted them to waste their time with such a feature. Isn't the feature inherently moot when you're saving the answer in you password manager? The only way to forget your password is if you're unable to access the password manager, which also contains the answer to the security question.

At that point you're just as secure inputting any random letters to effectively disable the security question unlock.

SSLy3y ago

commercial citimanager is an example of a stupid site that asks for those on any auth flow

BrandoElFollitoOP3y ago

Since security questions are not standardized (in the same way as a password field is) you may or may not recognize them (as a password manager).

I store the questions and answers in the notes section because I am sure I will have the right answers to the right questions.

I also expect this to be at the same place where passwords are generated because, well, these are passwords.

My hope is that idiotic idea born in the head of a psychopath will die soon (this is just a hope, taken into account the horrible, horrible incompetence of people who design the security of sites, especially password contraints)

j / k navigate · click thread line to collapse