Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Sorry, I meant to imply that the support person will hear the explanation and let you reset the password without the actual answer.


Fair enough, as I believe I've had that happen. Random string for one of my financial institutions, needed to reset something. Pull up 1PWD, with random string at the ready and...they asked me questions that could have been pulled from a copy of my credit report. I didn't ask, so I'm not entirely sure, but I wonder if they didn't look at the answer, said to themselves "fuck that" and went with Option #2.


Diceware is a decent option for security questions. They work fine over the phone.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: