Here is the text of the NIST sp800-63b Digital Identity Guidelines.

  • eronth@lemmy.world
    link
    fedilink
    English
    arrow-up
    9
    ·
    edit-2
    1 month ago

    I usually invent answers to those and store those answers in a password manager. Essentially turns them into backup passwords that can be spoken over the phone if necessary.

    Where was I born? “Stallheim, EUSA, Mars”

    Name of first pet? “Groovy Tuesday”

    It’s fun, usually.

    • Buddahriffic@lemmy.world
      link
      fedilink
      English
      arrow-up
      5
      ·
      1 month ago

      I tried that without a password manager for a little while. But then my answers were too abstract to remember, so now I also use a password manager for that.

    • subtext@lemmy.world
      link
      fedilink
      English
      arrow-up
      4
      ·
      1 month ago

      What is the first name of your first best friend?

      eoY&Z9m4LNRDY!Gzdd%q98LYiBi8Nq

      Oh old eoY&Z9m4LNRDY!Gzdd%q98LYiBi8Nq and I go way back! I met eoY&Z9m4LNRDY!Gzdd%q98LYiBi8Nq in Pre-K and we’ve been inseparable ever since.

      It is quite annoying if they’re a service that makes you read aloud your security questions to phone reps to prove your identity. One of my retirement accounts requires that and I have to sigh and read out the full string. I’ve changed it since to an all lowercase, 20 digit string as a compromise.

      • NotMyOldRedditName@lemmy.world
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        1 month ago

        20 character all lowercase is very secure as long as its random words / letters that would make it unguessable by knowing you.

        Edit: you could also prefix it if you think you’d have to read it

        “This question is stupid fuck nuts house gravel neptune cow.”