Tip: if you trust yourself to keep track of stuff, you can just use another password for these fields. I know this is pretty common knowelege in the privacy space, but a lot of people never think of it.
This is true. However, if a service uses a “recovery question” at all, and doesn’t allow me to use a physical security key, it means they don’t really care about security. Moreover, it probably means that they will want me to answer a “recovery question” while talking on the phone or visiting somewhere in person, and I would probably prefer to not appear to be different to other people in a situation like that.
Tip: if you trust yourself to keep track of stuff, you can just use another password for these fields. I know this is pretty common knowelege in the privacy space, but a lot of people never think of it.
This is true. However, if a service uses a “recovery question” at all, and doesn’t allow me to use a physical security key, it means they don’t really care about security. Moreover, it probably means that they will want me to answer a “recovery question” while talking on the phone or visiting somewhere in person, and I would probably prefer to not appear to be different to other people in a situation like that.