|
|
|
|
|
|
by kibwen
1299 days ago
|
|
|
Note that you should not generate a random password like D27fX$0f7RyD for your security questions. These are designed to give to a human operator on the other end of a phone. If an attacker calls up the account recovery line, gets asked for a security question, and just says "heh, I think it was a string of random characters", there's a decent chance the human operator will let them into the account. As you say, use an actual word string (passphrase) generator, which is a bit less susceptible to this attack. |
|
|