Such answers are weak when verified by customer support. An attacker can try saying "oh I just entered a bunch of random letters, I didn’t think I’d need to remember it" and an unsuspecting non-security-expert customer service rep confirms the answer as accurate.
Sad part is they're often stored in plain text and agents can read and even sometimes use their own judgement so a little social engineering acting like a confused older customer could be an easy bypass - especially if the agent sees it as a keyboard mash.
I still use random security questions though, better than the alternative.
One time I was trying to set up a security question and it kept saying the info doesn't match their records and it seemed they were actually validating against public records. How friggin stupid.
Strom|1 year ago
db48x|1 year ago
M95D|1 year ago
dawnerd|1 year ago
notfed|1 year ago
Agent: "I'll need to ask for a few details first. What was your first pet's name?"
Me: "ZD4Fbyed6fzoUcmi"
Agent: "Thank you."