Which makes it less secure. Customer support rep may find it reasonable to dismiss it as random characters and let the attacker bypass the check entirely.
If the attacker knows it looks like gibberish, they can try "Heh, whoops, I just put in random characters at the time. Can we try something else?"
I think a false, convincing, and unlikely answer is reasonable. "My childhood dog's name was Alexander Hamilton."
If the attacker knows it looks like gibberish, they can try "Heh, whoops, I just put in random characters at the time. Can we try something else?"
I think a false, convincing, and unlikely answer is reasonable. "My childhood dog's name was Alexander Hamilton."