Comments on: This Week in Security: Password Sanity, Tank Hacking, And The Mystery 9.9 https://hackaday.com/2024/09/27/this-week-in-security-password-sanity-tank-hacking-and-the-mystery-9-9/ (feed last updated Sun, 29 Sep 2024 20:11:26 +0000)

By: The Commenter Formerly Known As Ren https://hackaday.com/2024/09/27/this-week-in-security-password-sanity-tank-hacking-and-the-mystery-9-9/#comment-8045282 Sun, 29 Sep 2024 20:11:26 +0000 In reply to Miles.

Correct!

By: 0xdeadbeef https://hackaday.com/2024/09/27/this-week-in-security-password-sanity-tank-hacking-and-the-mystery-9-9/#comment-8045277 Sun, 29 Sep 2024 19:42:29 +0000

And finally, the Kia dealer and owners websites leak a bit too much data.

Given that Kia and Hyundai collaborate on a number of platforms, that makes me wonder if Hyundai might be prone to a similar vulnerability.

By: Miles https://hackaday.com/2024/09/27/this-week-in-security-password-sanity-tank-hacking-and-the-mystery-9-9/#comment-8045091 Sun, 29 Sep 2024 04:44:52 +0000

What happened to batteryhorsestaple?

By: Miles https://hackaday.com/2024/09/27/this-week-in-security-password-sanity-tank-hacking-and-the-mystery-9-9/#comment-8045089 Sun, 29 Sep 2024 04:42:47 +0000 In reply to rclark.

But does it need to run non-stop? Or only for a few seconds when you press the “find printers” button?

By: Ewald https://hackaday.com/2024/09/27/this-week-in-security-password-sanity-tank-hacking-and-the-mystery-9-9/#comment-8044801 Sat, 28 Sep 2024 09:48:11 +0000 In reply to Christian.

Security questions to reset a password are a very bad idea in general. There is plenty of evidence that this information (the answer) can be obtained way too easily. The underlying problem is that the information is not considered a secret by the user.
Also, passwords with a length of 8 characters are just way too weak. They can be cracked in a femtosecond, and they are more susceptible to shoulder surfing and guessing. Password sentences of at least 15 characters are the way forward as long as we have to use passwords. And for not having to change your password periodically, it’s essential to have some sort of professional breach monitoring set up. Home computers/smartphones are still compromised a lot and passwords are harvested.

By: Jonathan Bennett https://hackaday.com/2024/09/27/this-week-in-security-password-sanity-tank-hacking-and-the-mystery-9-9/#comment-8044739 Sat, 28 Sep 2024 02:10:33 +0000 In reply to mike stone.

It didn’t make it into the article, but I was thinking about this. You can expose passwordless telnet to the Internet. You can set your password to “password” and expose SSH to the Internet. At some point the user has to take responsibility for not using insecure settings on their machine.

By: LordNothing https://hackaday.com/2024/09/27/this-week-in-security-password-sanity-tank-hacking-and-the-mystery-9-9/#comment-8044618 Fri, 27 Sep 2024 19:46:41 +0000 In reply to Christian.

Yeah, I’m not going to miss those. Tired of digging up my brutal past every time a password system screws up.

Also enforced password requirements. Just show users their password strength and don’t tell them how to be. Use of emojis in passwords not only ups the entropy by a factor of four, but also allows a personalized lexicon and grammar which is immune to dictionary attacks. They also stand to be easy to remember. I for one will continue to use random hashes.
