gmail security is a joke

Richo Healey richo at psych0tik.net
Fri May 29 15:42:10 UTC 2015


On 29/05/15 10:35 -0400, Peter Beckman wrote:
>I use completely random strings for security questions. The company doesn't
>care what my answer is, so instead of knowing that my favorite sports team
>is [REDACTED] they can see that it is "WheF7?ydk/cBG8MgZf7w"
>
>Go WheF7?ydk/cBG8MgZf7w!
>
>I store all of the security questions in my password manager (1Password),
>and though annoying if prompted for them often, my account is more secure
>as a result. It's also a lot of fun when you call in and they ask you the
>answer to your security question.
>
>Just because someone asks you a question it does not require you to give an
>answer they expect. (Or any answer)
>
>Beckman

Good in principle, however I'll bet you 20$ that with this state, if I get on
the phone with support, and they ask for the answer to the security question,
simply replying

    "Is it a bunch of garbled characters, about 20 of em?"

Will be more than enough to get me in. Use 3-4 dictionary words.


