gmail security is a joke
richo at psych0tik.net
Fri May 29 15:42:10 UTC 2015
On 29/05/15 10:35 -0400, Peter Beckman wrote:
>I use completely random strings for security questions. The company doesn't
>care what my answer is, so instead of knowing that my favorite sports team
>is [REDACTED] they can see that it is "WheF7?ydk/cBG8MgZf7w"
>I store all of the security questions in my password manager (1Password),
>and though annoying if prompted for them often, my account is more secure
>as a result. It's also a lot of fun when you call in and they ask you the
>answer to your security question.
>Just because someone asks you a question it does not require you to give an
>answer they expect. (Or any answer)
Good in principle, however I'll bet you 20$ that with this state, if I get on
the phone with support, and they ask for the answer to the security question,
"Is it a bunch of gharbled chracters, about 20 of em?"
Will be more than enough to get me in. Use 3-4 dictionary words.
More information about the NANOG