LOL, just got this
PM from a user named: newalias (reported)
Guess my "entropy" is too low.
MESSAGE TITLE: Security warning - scammy title, serious concern
Hi there,
you are member of DefaultTrust. Therefore, the security of your account is crucial.
However, you have a security question in place, what often means lower entropy than a secure password and maybe being easier to guess. Simplest thing I have seen in DefaultTrust was "1+1" with answer "2" was correct - I have frozen it for security. Easy questions ask for an age (try 0-99) or a birth year (try 1940-2022) or lower case initials (try aa-zz). Many questions ask for a city or a make of first car - brute force can help. And there are loads of questions for names of wife, birth names, pet names and so on. These are things that may be shared even in a post or require only your real name! The better people know the account owner, the better they know the answer!
Recommended action to take is to remove security question at all. Please get back to me stating how you improved account security. If I do not get a reply, I need to inform board administration for our all safety.
I started with whole DefaultTrust as I think the base of community should be secured first. Later, I will go for more users. Captcha is useless as I use some trick I will only discuss with theymos.
Thank you!
