this post was submitted on 09 Feb 2026
720 points (97.6% liked)
Comic Strips
23396 readers
12 users here now
Comic Strips is a community for those who love comic stories.
Rules
-
π Be Nice!
- Treat others with respect and dignity. Friendly banter is okay, as long as it is mutual; keyword: friendly.
-
ποΈ Community Standards
- Comics should be a full story, from start to finish, in one post.
- Posts should be safe and enjoyable by the majority of community members, both here on lemmy.world and other instances.
- Any comic that would qualify as raunchy, lewd, or otherwise draw unwanted attention by nosy coworkers, spouses, or family members should be tagged as NSFW.
- Moderators have final say on what and what does not qualify as appropriate. Use common sense, and if need be, err on the side of caution.
-
𧬠Keep it Real
- Comics should be made and posted by real human beans, not by automated means like bots or AI. This is not the community for that sort of thing.
-
π½οΈ Credit Where Credit is Due
- Comics should include the original attribution to the artist(s) involved, and be unmodified. Bonus points if you include a link back to their website. When in doubt, use a reverse image search to try to find the original version. Repeat offenders will have their posts removed, be temporarily banned from posting, or if all else fails, be permanently banned from posting.
- Attributions include, but are not limited to, watermarks, links, or other text or imagery that artists add to their comics to use for identification purposes. If you find a comic without any such markings, it would be a good idea to see if you can find an original version. If one cannot be found, say so and ask the community for help!
-
π Post Formatting
- Post an image, gallery, or link to a specific comic hosted on another site; e.g., the author's website.
- Meta posts about the community should be tagged with [Meta] either at the beginning or the end of the post title.
- When linking to a comic hosted on another site, ensure the link is to the comic itself and not just to the website; e.g.,
β Correct: https://xkcd.com/386/
β Incorrect: https://xkcd.com/
-
π¬ Post Frequency/SPAM
- Each user (regardless of instance) may post up to five (5 π) comics a day. This can be any combination of personal comics you have written yourself, or other author's comics. Any comics exceeding five (5 π) will be removed.
-
π΄ββ οΈ Internationalization (i18n)
- Non-English posts are welcome. Please tag the post title with the original language, and include an English translation in the body of the post; e.g.,
SΓ, por favor [Spanish/EspaΓ±ol]
- Non-English posts are welcome. Please tag the post title with the original language, and include an English translation in the body of the post; e.g.,
-
πΏ Moderation
- We are human, just like most everybody else on Lemmy. If you feel a moderation decision was made in error, you are welcome to reach out to anybody on the moderation team for clarification. Keep in mind that moderation decisions may be final.
- When reporting posts and/or comments, quote which rule is being broken, and why you feel it broke the rules.
Web Accessibility
Note: This is not a rule, but a helpful suggestion.
When posting images, you should strive to add alt-text for screen readers to use to describe the image you're posting:
Another helpful thing to do is to provide a transcription of the text in your images, as well as brief descriptions of what's going on. (example)
Web of Links
- !linuxmemes@lemmy.world: "I use Arch btw"
- !memes@lemmy.world: memes (you don't say!)
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
The security questions are often forced.
The trick is to make up answers. Have some go-tos or a pattern that only you know and no one else could guess with information from your life.
Why yes, I did grow up on AmazonFakeStreet. Oh, my spouse? MicrosoftSpouseName of course.
You can also store these in a password manager like KeePass...
if you use password manager, you should never need to use recovery questions.
Well, I'd rather write down anything I enter, in case I do ever need it. But yeah, generally speaking you shouldn't need the answers.
it probably doesn't hurt to save it, but at the same time, for a keepass user, if you lost the primary password, it probably means you don't have the wallet for whatever reason.
Well, there might be other reasons to need them. For example, I once got locked out of an account, because I had lost the 2FA credentials (which I did not have in KeePass, incidentally). The webpage let me back in with a recovery question.
Well, technically, it was a recovery code which was just random symbols I had been provided upon account creation, but kind of the same thing in the end.
having 2FA in place and then letting you in based on "security question" is the peak clown show.
(this is not attack on you, but wow...)
They's talking about 2fa recovery codes, which are specifically made for when one loses their phone, for example. And are typically random.
that is shitty implementation. circumventing 2fa with 1fa method that can be easily intercepted is pinnacle of stupidity.
if the protected source is so important that it warrants using 2fa, then the recovery after losing it must really verify the identity and sending some random code doesn't cut it.
another thing is the spreading of 2fa to anything where it doesn't really need to. that is cancerous in itself.
I get it that recovery codes could be leaked just like passwords, but not sure what you mean by 'easily intercepted'.
if they are sending you random code, through email or sms, that is 1fa authentication that can be intercepted - through some malware in your computer or phone and it directly beats the purpose of having 2fa.
This feels like you haven't seen 2fa in the past ten years or so. The codes are given to the user on the site during the 2fa setup, they aren't sent via any of those channels that the user has lost in the first place leading to the recovery procedure.
oh, yes, i misread that part. so it is basically password that was on post it note somewhere in your drawer for who knows how long? well that is safe.
Doesn't every password manager have a "notes" field these days?
You replied to the wrong guy, but I think they rather meant it as "unless you're using a password manager (...because password managers are generally capable of storing extra data)". π
I mean, even if it can't store extra data in one entry, you could still create multiple entries for a single account and just name the entries similarly.
And to give an example of a password manager intentionally kept so simple that, well, there is a solution, but it is somewhat choose-your-own-adventure: https://www.passwordstore.org/#organization
(You can get GUIs for it, which may have a premade solution after all, for example: https://f-droid.org/packages/app.passwordstore.agrahn )
I've only used Bitwarden, so I can't speak to the others, but Bitwarden does, yeah.
But to the average person, "password manager" is whatever their browser does for them, and I'm not sure those have much more functionality beyond username/password and ID fields.
KeePass is very good all encrypted data is local, and no server interaction
so the funniest thing, we were sitting around at a family reunion. someone asked, so do we all use the same answers for our security questions? and uh, turns out we all do. same made up answers (everyone had the same favorite cat. whose favorite person was me awww yisss), but the same answers. and that moment we decided to update our security procedures.
You get security questions asking you who your "favorite person" is?
I bet Jesus is a popular answer.
It's the cat, yeah
Hmm... SELECT * FROM Users WHERE SecurityResponse2 = "*Epstein"
the trick is q'wdsjfaosdijgoasfgnsdk;jfavfghoiaerjhpguewrhjtiwuerth
never ever put any non-random information there.
i had a 70 year old guy getting divorced, because his wife of similar age "hacked" his email by entering name of their parrot and found out he is emailing with another 70 yo lady.
Ideally you still want it to be something you'll remember, unless you're using a password manager capable of tracking those for you.
The mistake that guy made is that he still chose a name he had some attachment to. You want to make sure you choose something you have no attachment to whatsoever.
And then never reuse the same answer between different services, just in case one of them is storing them as plaintext.
what you are describing is password and we use wallets for these. the problem is, that various services intentionally presents "security question" as sort of a fallback for when you forget the password, because you wouldn't forgotten your first pet's name, right? it is fundamentally wrong approach.
what you are describing is treating the "security question" as second password, which is possible, but kinda pointless. if you have good password stored in the wallet, it is safe and you won't forget or lose it. and if you lost it, it is probably because you lost access to the wallet, so saved security question you treated as a second password and stored in the same wallet is kinda useless now.
I'm just recommending that folks treat the answers to the security questions, at a minimum, like they treat their passwords themselves. The security questions are a way around the password, and so they should be kept just as secure and hard to guess.
If you're using a secure password manager, great, that's exactly the best approach. The majority of people don't, which is where this sorta thing becomes an issue. If you have a password manager and the service you're using forces you to answer security questions, of course you can let the password manager generate something just as random as the password itself (provided it can remember it and can track which term corresponds to which question). For anyone who does not, it's just important to choose something you'll remember but no one who knows details about your life can simply guess. Otherwise it doesn't matter how secure your password is.