Why the fuck some companies still think that '''''security'''''

There's just a LOT of bad information regarding security. Even on /g/ there's a whole lot of retards who suggest completely stupid fucking shit.
These same companies bought into the whole "longer than x characters is bad" or "you can't paste your password" memes. It's disgusting, and so many of them are stubborn to change to, on the daily you'll find security experts literally begging all these companies on social media to change their ways and their reps are like "lol no we know whats best for our clients therefore we dont use https"

Just use random.org to generate 24 character passwords and use those.

>>62099475
Harder to remember for a tiny increment in entropy, use 24-character multiword string instead.

>>62099494
>muh hard for humans but easy for computers meme

Enjoy your dictionary attack.

>>62099523
Show me a dictionary that contains all combinations of 2-4 words that can fit into 24 characters, both with and without spaces.

>>62099494
It's a "security" question, just write it down. Nobody's going to try to crack a security question when it could be literally any possible string.

>>62099523
>muh dictionary attack
>what is Diceware

>>62099494
Don't bother with multiword strings here. Use a password manager or store a physical copy. Hopefully you shouldn't have to answer security questions very often.

>>62099523
Yes, the comic takes into account dictionary attacks.

just add phone number and require user to type in verify it with sms code, as secure as you can get.

>>62099562
JUST GIVE AWAY YOUR NUMBER TO FUCKING ANYONE SO THEY CAN RING YOU UP WITH PROMOTIONAL OFFERS IN THE MIDDLE OF THE NIGHT

>>62099875
Then why are you signing up for something that isn't worth it?

>>62099418
for getting more money with their databases selling

>>62099940
It's people like you that give the go ahead to Google, Microsoft, and pretty much everyone else to require a phone number before you can make an account. So it's either get a burner phone or become a social pariah.

>>62099875
>>62100027

Microsoft, Google, Steam, Amazon and a lot more companies have had my phone number for years and no one has ever called me to sell me shit. You're retarded.

>>62100669
You could make your password fucking abc12321 and you might not have a problem for years, doesn't mean it's good to do that. Why do I have to give out my phone number and tie my identity to your shitty platform? Why do I have to trust in your "promise" that you'll only use my number for verification services? Let me use your service anonymously, I'm already sick of having to register with throwaway email accounts, I don't need pay for extra phone service too ESPECIALLY for services that DON'T NEED MY FUCKING NUMBER.

>>62100820
>Why do I have to trust in your "promise" that you'll only use my number for verification services?

Because it probably says so in the ToS. If they break it, they will be in a fucking hell of legal and public relationship troubles. It's just not worth it to even try for most big companies.

>Why do I have to give out my phone number and tie my identity to your shitty platform?

So people stop making 200 different accounts or getting ''''''hacked''''' and then blaming the company for their stupidity.

>>62099418
They haven't replaced their software on 15 years

>>62100888
The more stingy you are with handing out your personal information, the less material identity thieves will have to work with and the less likely you'll get into trouble for posting something stupid when you think you're anonymous. Chrome and Reddit used to store its passwords in plain text format, a porn star got her identity outed on Twitter after verifying her personal phone number for a public-facing account. If PR and legal repercussions were enough, these security issues wouldn't have happened in the first place.

>>62101096
>a porn star got her identity outed on Twitte
good

File: jjvgsh09.jpg (38KB, 320x340px)

38KB, 320x340px

>>62099540
yeah hold on one sec, going to ask my ai to create one