Hacker News
by terrabitz 1518 days ago
This. Security questions are almost always visible to humans in plaintext, and those humans are expected to be the judge of whether the security question was answered correctly.

I used to do random characters, but have switched to a string of random dictionary words. Still not perfect (since "a string of random words" could potentially be accepted as a valid answer), but I feel like having it be human-readable makes it less prone to that kind of fuzzing.
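The approach the comment describes, generating a security-question answer as a string of random dictionary words, as an added example that is not code from the comment or from Hacker News. It draws words with the OS CSPRNG, reports the entropy of the result, and compares it with the random-character answers the commenter used before. The word list is a constructed 32-word sample so the block runs offline; for real use substitute a large public list (for example the EFF long list of 7776 words), and the entropy figures scale accordingly.

```python
"""Random-dictionary-word answers for security questions.

Added example, not from the original comment. SAMPLE_WORDS is a constructed
32-word list (5 bits per word); a production list should be thousands of
words long, e.g. the EFF long list (7776 words, ~12.9 bits per word).
"""
import math
import secrets

# Constructed sample word list (assumption: real use needs a much larger list).
SAMPLE_WORDS = (
    "anchor", "basil", "cobalt", "dune", "ember", "fjord", "granite", "harbor",
    "island", "juniper", "kettle", "lantern", "meadow", "nickel", "orchid",
    "pepper", "quartz", "ripple", "saddle", "timber", "umber", "velvet",
    "walnut", "yarrow", "zephyr", "almond", "bronze", "cactus", "dahlia",
    "falcon", "garnet", "hazel",
)


def entropy_bits(word_count: int, list_size: int) -> float:
    """Entropy of word_count words drawn uniformly, with replacement, from
    list_size distinct words: word_count * log2(list_size)."""
    if word_count < 1 or list_size < 2:
        raise ValueError("need at least one word and at least two choices")
    return word_count * math.log2(list_size)


def words_for_target(target_bits: float, list_size: int) -> int:
    """Smallest number of words from a list_size-word list that reaches target_bits."""
    if list_size < 2:
        raise ValueError("need at least two choices")
    return math.ceil(target_bits / math.log2(list_size))


def chars_for_equivalent(target_bits: float, alphabet_size: int = 94) -> int:
    """How many random characters from an alphabet (default: 94 printable
    ASCII) carry the same entropy; this is the 'random characters' scheme
    the commenter moved away from."""
    if alphabet_size < 2:
        raise ValueError("need at least two choices")
    return math.ceil(target_bits / math.log2(alphabet_size))


def random_word_answer(word_count: int = 4, wordlist=SAMPLE_WORDS, sep: str = " ") -> str:
    """Build an answer from word_count words chosen with secrets.choice.

    Words are drawn with replacement so each position is independent and
    duplicates are allowed; the entropy figure above stays exact. The list
    must contain no duplicates, or some words would be over-represented.
    """
    if word_count < 1:
        raise ValueError("need at least one word")
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("word list must not contain duplicates")
    return sep.join(secrets.choice(wordlist) for _ in range(word_count))


if __name__ == "__main__":
    n = words_for_target(40, len(SAMPLE_WORDS))  # 8 words from the 32-word sample
    print(random_word_answer(n), f"(~{entropy_bits(n, len(SAMPLE_WORDS)):.1f} bits)")
```

Note that the entropy lives in the choice of words, not in how they look, so the list must be public and large and the draw must use `secrets`, never `random`. The check for duplicates matters for the same reason: a list with repeated entries is no longer a uniform draw.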