Funny thing is when a bank employee asks you for the answer on the phone. I was like 5 characters in dictating the random 32 characters when she just stopped me and let me do what I called to do.
That doesn’t sound like a good system security-wise TBH. I’d prefer if the employee had to enter the answer successfully on their end for the system to grant them the necessary access, otherwise it feels like a big opportunity both for internal snooping and for social engineering.
Yeah, I guess they are seeing the answer on their side because they need to be able to judge that when you say your first car model name differently than when you typed it in, it’s the same thing.
Because you are not trying to recall the answer, you are answering the question, and can word the answer differently than before.
Instead of answering security questions honestly, you can treat them as just like another password field.
Funny thing is when a bank employee asks you for the answer on the phone. I was like 5 characters in dictating the random 32 characters when she just stopped me and let me do what I called to do.
That doesn’t sound like a good system security-wise TBH. I’d prefer if the employee had to enter the answer successfully on their end for the system to grant them the necessary access, otherwise it feels like a big opportunity both for internal snooping and for social engineering.
Yeah, I guess they are seeing the answer on their side because they need to be able to judge that when you say your first car model name differently than when you typed it in, it’s the same thing.
Because you are not trying to recall the answer, you are answering the question, and can word the answer differently than before.
Which I don’t like.
Ah, thnks for explaining!