Does anyone have any guidance/ best practice recommendations about rotating security questions for accounts?
I know routine/periodic changes to login passwords are no longer recommended. Besides, since servers store these as hashes and if your password is strong enough, it's hash would be resistant to precomputation.
However, I would think that most types of security questions by their nature of having to be read by humans, can't be stored encrypted.
So in the event of a server breach, these passwords could be potentially exposed as plaintext.
I really hate them- terrible for security, but unfortunately many sites require them for online access.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided