Yeah, it was the wording of the personal message that was tripping me up. Might have been a better option to contact the admins, and say you're aware of someone's security question, they could've possibly checked, and then forced the security question to be disabled, rather than forcibly locking an account. Maybe, the admins could've messaged only those with security questions enabled, I'm not sure of the best way of going about this.
Also, not a fan of talking about the specifics of a certain user's security question, as that could potentially be a further security/privacy issue.
However, I think the point has been made, and hopefully this highlights the issues of a security question. Personally, I'd prefer it to be removed, but at the very least hopefully this wakes up some users to discontinue using it.
For those that are unaware: security questions are designed in such a way that it encourages you to ask a question, and then directly answer that question, therefore it's no longer random. We've talked about random for ages now, and how it's important to the generation of passwords. So, the mere fact you come up with the question and the answer usually means you either reduce the randomness or completely remove it. You could say you'll have an answer that's not something that's related to the question, but it likely is, as we as people aren't very good at thinking randomly.
I was about to conclude that the message was sent only to high-ranking members; I just found out that DT members were the only target. I am just wondering what exactly this user is trying to achieve by this.
You're much more likely to make a point, if you make it to the higher ranked users of the forum, as the point hits closer to home, than doing this to someone who is of a lower rank. The user has proven that security questions are ridiculously stupid, which we kind of knew anyway, but has highlighted that to those that don't know it.
I do feel left out that I didn't receive one of these messages. I guess because I have no security questions (that I'm aware of).
Maybe check it, and amend it if so.
I think he deserves the neg trust. As I stated, my question was there but was already in a disabled state. So it is far superior than no question at all. Since a hacker would spend all eternity and get nowhere trying to answer the question.
It was what is the name of my wife's father.
A hacker could have tried every name ever written in the human race and have no answer.
Since I knew my secret question was disabled but listed, I had created a time waster trap for hackers, which this moron fucked up with his clever hacking bs.
So frankly his so-called well-intended deed fucking helps hackers, since they now know security questions can be disabled and thus unanswerable.