I refuse to answer, since “what is the first country you traveled to” is a recovery question used by at least one online service I’ve used, and I don’t want to risk letting someone else have a better chance at guessing the answer I used.
Tip: if you trust yourself to keep track of stuff, you can just use another password for these fields. I know this is pretty common knowelege in the privacy space, but a lot of people never think of it.
This is true. However, if a service uses a “recovery question” at all, and doesn’t allow me to use a physical security key, it means they don’t really care about security. Moreover, it probably means that they will want me to answer a “recovery question” while talking on the phone or visiting somewhere in person, and I would probably prefer to not appear to be different to other people in a situation like that.
I refuse to answer, since “what is the first country you traveled to” is a recovery question used by at least one online service I’ve used, and I don’t want to risk letting someone else have a better chance at guessing the answer I used.
I just write curse words or pick some random option for those.
Tip: if you trust yourself to keep track of stuff, you can just use another password for these fields. I know this is pretty common knowelege in the privacy space, but a lot of people never think of it.
This is true. However, if a service uses a “recovery question” at all, and doesn’t allow me to use a physical security key, it means they don’t really care about security. Moreover, it probably means that they will want me to answer a “recovery question” while talking on the phone or visiting somewhere in person, and I would probably prefer to not appear to be different to other people in a situation like that.