I just activated a secret question in my account and for some reason, I'm not quite sure whether I did the right thing or not, because the page simply reloaded without confirmation or whatsoever.
-Any questions in the "Secret Question" field will do, right?
AFAIK its free text, yes.
-I see that the secret question that I chose was already saved in that once text box when I reloaded the page. Does that mean that the process is finished?
That was my guess after I saw the question safed. Showing the answer would not be a good idea.
-Last question, why is it not recommended? Activating a secret question in my understanding means adding another layer of security in an account. But why isn't it recommended in this forum?
It is not recommended if used like e.g. Paypal (still?) does:
"What was your mothers maiden name?" -> "Sand"
Thats terribly bad as a security mechanism as this can easily be brute forced or just asked with some social skills.
If you use something like this:
"What is the answer to the secret question?" -> "hHgTVFa6pFbpyq4Ryj55TEBH"
You essentially have a second password, that can be longer and more complex than your regular password.
Anyone who guesses your secret answer will have access to your account. It's like a second password.
Does that mean that anyone who guesses the answer to the secret question will already have access to my account if he/she put it into the login text boxes? I'm kinda confused. Any reply will do. Thanks!
Yes, anyone that knows the answer to the secret question can reset your password.