Hacker News new | past | comments | ask | show | jobs | submit login

True - but you can add an additional layer of security to the password reset request if this is a concern, such as personal questions.



Using personal questions for security is the worst thing ever.

Whenever I encounter them, I paste the output of "dd if=/dev/random bs=1k count=1 |uuencode x" into the field.


If you can use Facebook and Linkedin to hack someone's bank account you know that this is a bad idea. What's that, the make of your first car and the name of your first boss are actually freely posted on the Internet? You don't say.


I can never remember the answers to those damned things.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: