You raise some good points there. Another thing these sites don't consider is that someone may not have a pet, they may not have a spouse or sibling to name or even know what city they were born in. Not allowing people to put in their own questions is not inclusive at all. Some of the questions in this limited set may also be things people rather not reveal to god knows who.
It really depends on the audience you are expecting. If you are expecting information security experts or privacy enthusiasts it's probably safe to say they know enough to not do the "What's my favorite band?" kinda thing.
But if you are building services for the average user then you do not give them any choices that could make them less secure if they don't do it right.
So always encourage passphrases and a good password manager, U2F and TOTP based authentication apps.
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
You raise some good points there. Another thing these sites don't consider is that someone may not have a pet, they may not have a spouse or sibling to name or even know what city they were born in. Not allowing people to put in their own questions is not inclusive at all. Some of the questions in this limited set may also be things people rather not reveal to god knows who.
I think you may have missed my point: users are dumb and cannot be trusted to pick their own security questions.
It really depends on the audience you are expecting. If you are expecting information security experts or privacy enthusiasts it's probably safe to say they know enough to not do the "What's my favorite band?" kinda thing.
But if you are building services for the average user then you do not give them any choices that could make them less secure if they don't do it right.
So always encourage passphrases and a good password manager, U2F and TOTP based authentication apps.