Regex Password Vault Blog

Security questions: What to do when you encounter them

by Shawn O'Hern October 30, 2012

You have probably seen these things popping up on many websites in the past few years. Security questions and answers are all the craze in the field of cyber pseudo-security these days. When you sign up for an account, you provide answers to questions that supposedly only you would know. Then, if you ever forget your password, you can provide the same answers to prove your identity and reset your password.

Sounds good, right? The problem is that the questions themselves are completely inane. They require answers that can be easily guessed or researched, for example, What's your pet's name, or What's your mother's maiden name. To an attacker who has the ability to launch brute-force dictionary attacks, and who has access to social media and Google, these questions pose no barrier to entry. In fact, they completely circumvent the password-based security of your account. If an attacker can just successfully answer the questions, then he or she can reset your password to access your data, and worse yet, lock you out of your own account.

How should I handle them?

So what should you do when you're forced to give answers to these security questions? Well, the number one rule is: never answer them truthfully. The absolute least you should do is give false answers. That way, you will trip up would-be attackers who will try finding the answers to your questions through research. This isn't a lie detector test. It doesn't matter if you lie to a website about your favorite color, as long as you can provide the same answer later when you need to reset your account. So even though you have a fondness for periwinkle, say sea foam green instead.

The better solution, however, is to use random text for your answers. What was your first car? uCnyprOz4cl02AVO5gH8No. What is your paternal grandfather's first name? Why, atKIne9qe0m2y9 of course! Random text generated by a password generator is impossible for an attacker to predict.
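The paragraphs above argue that researchable answers are weak and that randomly generated text is not. The following is an added example (not code from this blog or from Regex Password Vault) showing how a practitioner would generate such answers with the operating system's CSPRNG and how to put a number on the difference: a 22-character alphanumeric answer versus an answer drawn from a small pool of common names. The pool size of 1000 is an assumed figure for illustration, not a measurement.

```python
import math
import secrets
import string

# Alphabet for generated answers: upper/lower-case letters and digits (62 symbols),
# matching the style of the random answers quoted in the post.
ALPHABET = string.ascii_letters + string.digits

# Assumed size of a guessing list of common pet names (constructed figure).
COMMON_PET_NAME_POOL = 1000


def generate_answer(length: int = 22) -> str:
    """Return a uniformly random answer of `length` symbols from ALPHABET.

    Uses the `secrets` module (OS CSPRNG), never `random`, which is seeded
    predictably and unsuitable for secrets.
    """
    if length < 1:
        raise ValueError("length must be positive")
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(alphabet_size: int, length: int) -> float:
    """Bits of entropy for a uniformly random string of `length` symbols
    drawn from an alphabet of `alphabet_size` symbols: length * log2(size)."""
    if alphabet_size < 2 or length < 1:
        raise ValueError("alphabet_size must be >= 2 and length >= 1")
    return length * math.log2(alphabet_size)


def is_valid_answer(answer: str, min_length: int = 16) -> bool:
    """Check that an answer is long enough and uses only ALPHABET symbols
    (useful before pasting it into a site that restricts characters)."""
    return len(answer) >= min_length and all(c in ALPHABET for c in answer)


def compare_strength(length: int = 22) -> dict:
    """Return entropy (in bits) of a random answer next to a name from a pool."""
    return {
        "random_answer_bits": entropy_bits(len(ALPHABET), length),
        "pet_name_bits": entropy_bits(COMMON_PET_NAME_POOL, 1),
    }


if __name__ == "__main__":
    answer = generate_answer()
    print("Generated answer:", answer, "valid:", is_valid_answer(answer))
    strengths = compare_strength()
    print(f"random 22-char answer: {strengths['random_answer_bits']:.1f} bits")
    print(f"name from pool of {COMMON_PET_NAME_POOL}: {strengths['pet_name_bits']:.1f} bits")
```

A random 22-character alphanumeric answer carries roughly 131 bits of entropy, while an answer that must be one of a thousand common names carries under 10 bits, which is well within reach of the dictionary attacks the post describes. The generated strings are meant to be stored in a password manager, not remembered.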

How can Password Vault help?

Okay, so now what do you do with all these random answers that you need to keep track of? Fortunately, Password Vault makes it easy to store security questions and answers along with your passwords. In addition to the standard username, email, and password, each password record can also store a number of user-defined custom fields for additional data. These are perfect for storing your questions and answers.

In Password Vault, create a new password or edit an existing password. On the Password Properties dialog, in the lower-left corner you will see an area labeled Custom fields. This is where you want to put your security questions and answers. Put the question in the Name box, and the answer in the Value box.

By following this best practice, you will greatly increase the security of your online accounts.

What is Regex Password Vault?

Regex Password Vault is a password manager and form filler for Windows. It simplifies your life by remembering all your usernames and passwords for you, saves you time by logging you into websites and filling out long web forms with a single click or keystroke, and keeps you safe online by making it easy to use strong, unique passwords for all your accounts!
