Hacker News

If you are making up random usernames on a banking site, attackers aren’t going to know your username. So it is two-step.

This is not a great idea if you have a public profile connecting your username to your email because someone can hack your email.

But you not knowing your password doesn’t hurt your security as far as I can tell.



Assuming an attacker can't know your information is not a good idea.

Your login information can be gained via keyloggers, network sniffing, phishing scams, malware, malicious employees, and all sorts of other methods.

This is why two-factor authentication is so important, to help prevent your account from being compromised in the event that your username and password are.


The part I don’t get is how not knowing your password makes the situation worse. The password recovery mechanism exists whether or not you use it every time you log in.

The way I see it, not knowing your password removes some potential threats around managing that password incorrectly, at the cost of increasing the risk of losing access to your account if the recovery mechanism doesn’t work.


It doesn't make the situation worse, you're the only person suggesting that.

It offers some extra security, but very little. It's the digital equivalent of locking your back door but not bothering with the front door.


>It doesn't make the situation worse, you're the only person suggesting that.

The comment I originally responded to seemed to think so.


> If you are making up random usernames on a banking site, attackers aren’t going to know your username. So it is two-step.

The username isn't supposed to be a secret, social engineering will most likely be very easy.


Agreed, but this is true whether or not you’re using parent’s plan of not knowing the password.



