Regex Password Vault Blog

Security questions: What to do when you encounter them

by Shawn O'Hern October 30, 2012

Picture of security questionsYou have probably seen these things popping up on many websites in the past few years. Security questions and answers are all the craze in the field of cyber pseudo-security these days. When you sign up for an account, you provide answers to questions that supposedly only you would know. Then, if you ever forget your password, you can provide the same answers to prove your identity and reset your password.

Sounds good, right? The problem is that the questions themselves are completely inane. They require answers that can be easily guessed or researched, for example, What's your pet's name, or What's your mother's maiden name. To an attacker who has the ability to launch brute-force dictionary attacks, and who has access to social media and Google, these questions pose no barrier to entry. In fact, they completely circumvent the password-based security of your account. If an attacker can just successfully answer the questions, then he or she can reset your password to access your data, and worse yet, lock you out of your own account.

How should I handle them?

So what should you do when you're forced to give answers to these security questions? Well, the number one rule is: never answer them truthfully. The absolute least you should do is give false answers. That way, you will trip up would-be attackers who will try finding the answers to your questions through research. This isn't a lie detector test. It doesn't matter if you lie to a website about your favorite long as you can provide the same answer later when you need to reset your account. So even though you have a fondness for periwinkle, say sea foam green instead.

The better solution, however, is to use random text for your answers. What was your first car? uCnyprOz4cl02AVO5gH8No. What is your paternal grandfather's first name? Why, atKIne9qe0m2y9 of course! Random text generated by a password generator is impossible for an attacker to predict.

How can Password Vault help?

Okay, so now what do you do with all these random answers that you need to keep track of? Fortunately, Password Vault makes it easy to store security questions and answers along with your passwords. In addition to the standard username, email, and password, Picture of custom fields in Regex Password Vaulteach password record can also store a number of user-defined custom fields for additional data. These are perfect for storing your questions and answers.

 In Password Vault, create a new password or edit an existing password. On the Password Properties dialog, in the lower-left corner you will see an area labeled Custom fields. This is where you want to put your security questions and answers. Put the question in the Name box, and the answer in the Value box.

By following this best practice, you will greatly increase the security of your online accounts.

Tip: Safely Email Documents Using Regex Password Vault

by Shawn O'Hern September 26, 2012

Have you ever needed to email someone a sensitive file or document?

Sending files and documents via email can be risky without encryption. Maybe you use an enterprise email system that has encryption built in, or you already have encryption software installed on your computer. But what if you don't?

Regex Password Vault can be used in a pinch to encrypt files and documents and make them safe to transmit via email. This is thanks to a little-known feature of Password Vault: file attachments. You can attach files and documents to a password in a Vault file; the attachments are always encrypted. Then you can safely email the Vault file containing the attachments. The file can't be opened without the correct master password.

Follow the steps below to safely email someone sensitive files or documents:

  1. You will probably want to create a new Vault file to hold the attachments (unless you also want to send all of your personal passwords to another person). So click File > New Vault File. Follow the instructions to create a new file. Choose a strong master password, keeping in mind that you will have to share it with the other person.
  2. Create a new password by clicking Edit > New Password.
  3. Click the Attachments tab. Now you can drag as many files as you want into the File attachments box.
  4. Click OK. Save the Vault file.
  5. Now you can attach the Vault file to an email and send it. Note that the original source files on your computer have not been modified and are not encrypted.
  6. You will need to share the master password with the recipient. Either send it in a separate email, or call the recipient on the telephone to tell them the password.
  7. The recipient will receive the email and the master password, open the Vault file, and be able to save the files and documents to his computer.

The recipient will need to install Regex Password Vault on his computer to be able to open the Vault file and access the attachments. It is a free download from our website. As long as the Vault file has no more than 15 passwords, the recipient can open it without needing to purchase a license.

Categorized as: Password Vault Tips

What is Regex Password Vault?

Regex Password Vault is a password manager and form filler for Windows. It simplifies your life by remembering all your usernames and passwords for you, saves you time by logging you into websites and filling out long web forms with a single click or keystroke, and keeps you safe online by making it easy to use strong, unique passwords for all your accounts!

System requirements
Download a free trial