this post was submitted on 23 Jun 2026
149 points (98.1% liked)

Technology

85670 readers
3545 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 3 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
149
Windscribe VPN CEO warns your favourite Facebook quizzes are actually stealing your bank details (www.techradar.com)
submitted 1 day ago by sanitation@lemmy.today to c/technology@lemmy.world
13 comments fedilink hide all child comments
top 13 comments
sorted by: hot top controversial new old
[–] Malyca@lemmy.zip 12 points 13 hours ago (1 children)

Did people not know this? I feel like we collectively went through it with the boomers at least twice in the past 20 years.

[–] setsubyou@lemmy.world 3 points 10 hours ago

I always thought security questions were dangerous, but I did in fact not know that quizzes that exploit them exist in the wild.

[–] NewNewAugustEast@lemmy.zip 4 points 10 hours ago

So is LinkedIn but nobody cares.

[–] moobythegoldensock@infosec.pub 38 points 19 hours ago

Well this article is about 15 years late.

[–] pHr34kY@lemmy.world 19 points 20 hours ago (1 children)

When asked, my mother's maiden name is "0nzoIHUzdTMu2YDz".

[–] brokenwing@discuss.tchncs.de 11 points 15 hours ago

Always encrypt your mother

[–] Zwuzelmaus@feddit.org 19 points 23 hours ago* (last edited 23 hours ago) (2 children)

By wrapping standard bank security questions, like your mother's maiden name, your first pet, or the street you grew up on

These questions have made me wonder ever since I first saw them. So I want to ask you all:

Do you take them for serious?

It seems a cultural difference maybe, but I could never remember what I have answered to one of them. I don't even know the true answers to most of them, and if I know it, then I would still not want my bank to know it.

The only way where this kind "security" makes sense to me is when I can freely type in both the question and the answer. Then I choose a question that does not make sense to most other people, only to me personally, and then I won't ever forget the answer.

[–] skaffi@infosec.pub 7 points 14 hours ago (1 children)

As long as you can choose the answer, you can also choose what the question really is. You can just decide that questions about your mum's maiden name are actually asking you about the last name of the doctor that delivered your first born.

Or, better yet don't tie security to personal or externally verifiable information about yourself. In the one or two cases, in recent years, where I've had to fill out such (in)security questions, I've just treated them as additional password fields, where I just create additional fields for them in my password manager, and generate long, random responses as their correct answers. Why yes, my mother's maiden name is Correct7Horse@Battery!Staple, why do you ask?

[–] Zwuzelmaus@feddit.org 1 points 11 hours ago

additional password fields, where I just create additional fields for them in my password manager, and generate long, random responses

Such hassle...
I guess it means yes, you take that stuff for serious.

[–] teyrnon@sh.itjust.works 0 points 17 hours ago* (last edited 17 hours ago)

Big tech companies don't accept security questions to log into email. Like you log in correctly, they do the security questions, make you answer them correctly, then still don't let you in unless you link a phone number, even if you never gave them one and never agreed to.

[–] Warl0k3@lemmy.world 16 points 23 hours ago

Yeah this has been a joke for a looong time.

[–] jobbies@lemmy.zip 5 points 18 hours ago

Overly dramatic headline of the day

[–] UsoSaito@feddit.uk 3 points 19 hours ago

Like thats always been the thing for those