cdixon blog

password hints, security questions, etc. are a bad idea, reason #723

As I’ve said before, security questions, password hints, etc. are a really bad idea.

Today, I was on gap.com and forgot my password. When you put in an email on their login page and click “I forgot my password” they show you your password hint. You can put in any email address and find out their password hint this way. This is a great way for hackers to figure out your password. (How many people just use the password itself as their hint? I bet a lot.)
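The flow described above, next to one that shows nothing on the page, as an added example that is not from the original post or from gap.com's code. The in-memory account store, the function names and the 15-minute token lifetime are assumptions, and the sample account is constructed.

```python
import hashlib
import secrets
import time

# Constructed sample data; the store layout is an assumption for this example.
USERS = {"alice@example.com": {"hint": "my dog's name + 123"}}
RESET_TOKENS = {}    # sha256(token) -> (email, expiry timestamp)
OUTBOX = []          # stands in for the mail sender: (recipient, token)
GENERIC = "If that address has an account, we have emailed a reset link."
TOKEN_TTL = 15 * 60  # seconds (assumed lifetime)


def forgot_password_hint(email):
    """Flow from the post: whoever types an address is shown that account's hint."""
    user = USERS.get(email.strip().lower())
    if user is None:
        return "No account with that email."  # also confirms which addresses exist
    return "Your password hint: " + user["hint"]


def forgot_password_reset(email, now=None):
    """Hardened flow: identical response for every input, secret sent by email only."""
    now = time.time() if now is None else now
    email = email.strip().lower()
    if email in USERS:
        token = secrets.token_urlsafe(32)
        digest = hashlib.sha256(token.encode()).hexdigest()
        RESET_TOKENS[digest] = (email, now + TOKEN_TTL)  # only the hash is stored
        OUTBOX.append((email, token))
    return GENERIC


def redeem_reset_token(token, now=None):
    """Return the account the token was issued for, or None. Single use, expiring."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = RESET_TOKENS.pop(digest, None)
    if entry is None or now > entry[1]:
        return None
    return entry[0]


if __name__ == "__main__":
    print(forgot_password_hint("alice@example.com"))   # hint shown to anyone
    print(forgot_password_reset("alice@example.com"))  # generic message
    print(forgot_password_reset("nobody@example.com")) # same generic message
```
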

When I saw my own hint I put in a long time ago, I had to chuckle at my obnoxious former self: