How to Create Insanely Strong Answers to Security Questions

When you don’t have to remember the answer, guessability goes to zero.

by Colter Reed
2:07 read (647 words)
by Colter Reed
2:07 read (647 words)

Back in college, my roommate and I both wanted to be able to make changes to the account with the utility company, so we made up answers to their challenge questions that we would both know.

There was a problem, though. Because none of the answers were derived from actual facts, it could be an interesting exercise at times to walk through the mind palace to remember the answer we had used. When it came time to disconnect the phone, I spent close to an hour with them, verifying that I was who I claimed to be, because I couldn’t confirm my mother’s maiden name. Once I had established myself, we reset the code word to a known value (her real maiden name) to replace the made-up one (“Bondi”, the color of my roommate’s first-generation iMac).

Security questions are even more common today. Web sites want an automated way to let you—and only you—get back into your account if you forget your password. Since it’s an automated system, you not only need to remember the answer but often exactly how you typed it. Did you use capital letters? Punctuation? Which security question did you even pick?

Fortunately, password managers can remember more than just your password. You can use 1Password to also track your security questions. For bonus points, you can even make up insanely strong answers that no one is going to guess.

Let’s get started. The next time you need to select security questions for a site, open 1Password and have it ready while you make your choices.

  1. Open 1Password.
  2. Search for the login you want to add security questions to.
  3. Select the login.
  4. Click Edit in the bottom right corner of the window.
  5. Underneath the login details (username, password, website, etc.), there is some gray text that says “Section”. Click here and type in “Security Questions”.
  6. Below the section header, click on the text that says “label”.
  7. Type in “Q1”.
  8. Click on “new field”.
  9. Type in the first question.
  10. Type “A1” for the label in the next field
  11. Type in the answer to the first question.
  12. Repeat for the other questions.
  13. Click “Save”.

When you’re done, you’ll have a nicely formatted list of your security questions. This handy reference takes the guesswork out of answering them.

But there is one thing…

A lot of the popular security questions have answers that aren’t that difficult to figure out with a little sleuthing. We’ve probably shared the name of our pet, our first car, and our high school mascot on social media. This is the problem behind a lot of hacked celebrity accounts—security questions with insecure answers.

This is a password manager. We can solve this.

Pick your favorite questions, but let 1Password come up with some insanely secure answers. The following steps replace step 11, above.

  1. Next to each answer field, click the field type control. (It looks like a circle with three dots inside it.)
  2. Change the type to “Password”.

This is already one step more secure because 1Password will obscure your secret answers just like a password. Let’s take it one step further.

  1. Click on the combination lock icon that appears after switching to a password field.
  2. Create a nice, strong password with lots of characters, numbers, and symbols.
  3. Copy the gibberish from 1Password and paste it into the web site’s answer field.

Congratulations! The answers to your secure questions are now more of a secret than your questions are. You’ll need to copy the answer from 1Password any time you need to give the answer, but it’s worth it. It’s unguessable and you don’t need to devote any mental bandwidth to remembering it.

Now I’m just waiting for the day I have to answer one of these security questions over the phone. “Are you ready? I hope you don’t have to type this in. Letters are capitals unless otherwise indicated. Charlie Michael niner Zulu hashtag little-Romeo three hotel…”

Question: What’s your favorite tip to stay safe online? Share your thoughts in the comments, on Twitter, LinkedIn, or Facebook.