[180252] in North American Network Operators' Group
Re: gmail security is a joke
daemon@ATHENA.MIT.EDU (Richo Healey)
Fri May 29 11:42:15 2015
X-Original-To: nanog@nanog.org
Date: Fri, 29 May 2015 08:42:10 -0700
From: Richo Healey <richo@psych0tik.net>
To: Peter Beckman <beckman@angryox.com>
In-Reply-To: <alpine.BSF.2.00.1505291028180.99570@nog.angryox.com>
Cc: nanog@nanog.org
Errors-To: nanog-bounces@nanog.org
On 29/05/15 10:35 -0400, Peter Beckman wrote:
>I use completely random strings for security questions. The company doesn't
>care what my answer is, so instead of knowing that my favorite sports team
>is [REDACTED] they can see that it is "WheF7?ydk/cBG8MgZf7w"
>
>Go WheF7?ydk/cBG8MgZf7w!
>
>I store all of the security questions in my password manager (1Password),
>and though annoying if prompted for them often, my account is more secure
>as a result. It's also a lot of fun when you call in and they ask you the
>answer to your security question.
>
>Just because someone asks you a question it does not require you to give an
>answer they expect. (Or any answer)
>
>Beckman
Good in principle, however I'll bet you 20$ that with this state, if I get on
the phone with support, and they ask for the answer to the security question,
simply replying
"Is it a bunch of gharbled chracters, about 20 of em?"
Will be more than enough to get me in. Use 3-4 dictionary words.
