Security questions are an idiotic type of “security”, so of course I never enable them if they’re optional, which they almost always are. As I said, I can count on half a hand how often I’ve used them in recent years.
Occasionally, though, they can be the least bad two-factor option available on a service that either requires 2FA or which makes itself, indeed, a hassle to use when you don’t have any 2FA enabled, such as by throwing captchas at you up the wazoo. If such a service only offers 2FA by email, text message or security questions, then hell yeah, I’ll take the latter option any day of the week. Needing an emailed link or code to log in, now that’s a hassle. Same deal with text messages, but with the additional benefit of them being insecure as hell. You know what’s not a hassle, though? Having one extra field auto-filled by your password manager. That’s the hassle-free option.
As for taking things seriously or not - are you really trying to tell me that you don’t have anything that’s important enough to care about keeping secure? And if not, why would you not care about keeping anything that’s important secure? Especially when it’s so easy, and indeed, hassle-free, to have that security fully automated and handled by your password manager. If your gut reaction to security is that it’s a hassle, then I’m sorry to say that you most likely have both poor security, and unnecessarily difficult or annoying-to-use security, too. Do you subject yourself to the mental load of having to remember all of your hundreds of passwords in your head? Talk about a hassle. Or do you just use the same password for everything? Now that would be a hassle, to have not just one random account somewhere compromised, but to have all of your accounts, everywhere at once, compromised.
Such hassle…
I guess it means yes, you take that stuff for serious.
A hassle, huh?
Security questions are an idiotic type of “security”, so of course I never enable them if they’re optional, which they almost always are. As I said, I can count on half a hand how often I’ve used them in recent years.
Occasionally, though, they can be the least bad two-factor option available on a service that either requires 2FA or which makes itself, indeed, a hassle to use when you don’t have any 2FA enabled, such as by throwing captchas at you up the wazoo. If such a service only offers 2FA by email, text message or security questions, then hell yeah, I’ll take the latter option any day of the week. Needing an emailed link or code to log in, now that’s a hassle. Same deal with text messages, but with the additional benefit of them being insecure as hell. You know what’s not a hassle, though? Having one extra field auto-filled by your password manager. That’s the hassle-free option.
As for taking things seriously or not - are you really trying to tell me that you don’t have anything that’s important enough to care about keeping secure? And if not, why would you not care about keeping anything that’s important secure? Especially when it’s so easy, and indeed, hassle-free, to have that security fully automated and handled by your password manager. If your gut reaction to security is that it’s a hassle, then I’m sorry to say that you most likely have both poor security, and unnecessarily difficult or annoying-to-use security, too. Do you subject yourself to the mental load of having to remember all of your hundreds of passwords in your head? Talk about a hassle. Or do you just use the same password for everything? Now that would be a hassle, to have not just one random account somewhere compromised, but to have all of your accounts, everywhere at once, compromised.