How to add security question password along with username and password.

Is there a way to add login and password seperately with security question because it creates duplicates..
doesn't fill user name and password if the security question is different.

Comments

  • Hi @fawadnaseer‌

    I think your best option is the following.

    Using our Saving a Login Manually guide make a Login item for your username and password. Edit the Login item and set the submit field to Never submit. Then is a custom section add labels and fields for each security question you can be asked. What I do is set the label to the security question. Then I also set the field as a password so it is obscured for casual viewing.

    Then in your browser ⌘\ will fill in the username and password but it won't submit. Use ⌘\ again and then use the right arrow to expand your entry. The up and down arrow keys will allow you to navigate to the field you want to copy and pressing return will copy the answer to your clipboard. Paste after that and you should be good to submit.

    How does that sound as a solution?

  • I entered username/password manually.

    in the section below.
    I entered 3 labels for my security questions and it's answers in fields and set it to password too.

    when it asked me for username, it entered username correctly.
    then it asked me for a random security question, when I pressed Command + \ it didn't ask me which security question answer do I have to select.

    after that it enters password perfectly and logins.

    but it didn't prompt me when typing security question. I had entered 3 labels and it's field as answers.

  • do I need to enter labels exactly as it is asked?

  • @littlebobbytables‌ found a work around, but had to create 3 separate logins for security question.

    It would had been nicer if I just had to create 1 - login and add security questions within one login.

  • Hi @fawadnaseer‌

    Security questions are a bit of a tricky issue. Not only does each site handle them differently, but they're not always consistent (some sites will change which question gets asked for each time you log in, so it is more difficult for 1Password to fully automate this process.) Our developers are looking into ways to help 1Password handle security questions more efficiently in the future.

    Your workaround of creating a separate Login for each security question is a good trick, actually. Here's how I handle security questions:

    demo data shown

    With the questions and answers saved as custom fields within the Login entry, 1Password won't fill these automatically, but I do have quick and easy access via 1Password mini. When a security question is requested:

    • ⌘⌥\ ( Command-Option- \ ) to open Mini
    • Use my keyboard (or mouse) to find the Login I'm looking for and navigate to the correct answer
    • Hit 'Enter' to copy
    • Paste into the field

    I'm not sure if this method or your individual Logins for each security question is more efficient. Perhaps it depends on how you like things organized. (I initially used your method for my bank's security questions, but I like the organization of this better.)

    In any case, I hope this helps! We're here if you have any further questions or concerns.

  • Hi @fawadnaseer‌

    First of all, sorry for not responding until now.

    I did consider your approach as a suggestion but I was hesitant because you'd have three entries that need modified if you ever changed the password. Neither approach is perfect but I thought several individual entries all needing updating on occasion would cause more confusion.

    In the end though all that really matters is a system that works for you.

    My suggestion, like the one Megan describes, did require manually selecting the relevant answer from the list rather than 1Password identifying the correct one. At the moment 1Password looks at the field IDs to determine what should be entered into each field and I doubt the page in question makes that distinction when asking you a security question. Possibly in the future 1Password will be able to handle these but each site can code logins in a different way making it a difficult task to behave well on all. Who knows what the future may bring though :smile:

  • I see. Thanks for your help.
    I also have one suggestion, that 1pass should only ask to save login, when we have successfully login in to our website.
    Sometimes I mistype and 1pass right away ask me to save that login, it should wait for few seconds to see wheather I have logged into website and then ask whether do I need to save this login or not.

  • Megan...

    To me the major benefit to 1Password is the lack of a need to remember "gobbledygook%&#7." I have no problem remembering the name of my first pet or my father's middle name or my mother's maiden name.

  • MrCMrC Community Moderator

    I have no problem remembering the name of my first pet or my father's middle name or my mother's maiden name.

    Hint: Others can probably discover or already know this information, so its best to not use truthful or meaningful answers. Example:

    Q: Your father's middle name?
    A: Swahili Boats
    
  • If someone has determined my father's middle name AND my gobbledygook%&#7 password, they've earned access to my bank account!

  • edited November 2014

    Hi @fawadnaseer‌

    Thanks for the feedback! You're not the first one to suggest such a feature, and I'm happy to add a vote for you to the issue in our internal tracker.

    ref: OPX-208

    Hi @Plato,

    I hope that @MrC's suggestion helps! This is a great way to use 1Password to further increase your security. Our security guru has even written a blog post about this tip: Blizzard and insecurity questions: My father’s middle name is vR2Ut1VNj. The short version is that with social media being as prevalent as it is these days, it's often not difficult to figure out the answers to these security questions, if you know where to look. Here's what the security 'answers' in the above example actually look like:

  • Megan...

    Yes, I want protection but I'm not paranoid. Your suggestion regarding security questions has two disadvantages from my perspective. One, you're making it totally impossible for me to access my own accounts from a strange computer. I'm certainly not going to remember the fake father's middle name. Two, you're making me 100% dependent on one single product (1Password) and that's a concern. Suppose bad guys take over your company and find a way to retrieve my vault remotely?

    As far as my lack of paranoia is concerned, consider that knowledge of my father's middle name doesn't help the bad guy determine my gobbledygook%&#7 password. Besides, I've had discussions with my financial organizations and I'm covered if money is incorrectly sent to someone else. I'm not even certain if I need security for my credit card account - as near as I can determine, the worst that can happen is that someone else pays my bill!

  • Followup...

    I just spent a half-hour on the phone with my major financial organization. IF someone guesses my username (slightly difficult) AND they somehow determine my gobbledygook%&#7 password (nearly impossible) AND they know my pet's name (my pet died in 1960 and there's no one alive except for me that knows its name) AND they know the model of my first car (purchased in 1962 and there's no one alive except for me that knows the model) AND they know my mother's maiden name (easy) AND they know my father's middle name (surprisingly, this is slightly difficult), I'm still covered! If money is to be mailed to other than my current residence of record OR it is to be transferred to a bank other than my current bank of record, nothing will take place until fifteen days AFTER I am informed of the possible action via both email and snail mail.

  • Hi @Plato,

    Of course, the suggestion above is merely a suggestion. Personally, I'm happy to rely on 1Password to remember both my gobbledygook passwords and my gobbledygook security questions, because I have 1Password installed on all my devices, and securely backed up in Dropbox if I'm ever without my devices. But that's me. :)

    Perhaps working for a security company can make you a tad bit paranoid ... Or at the very least, hyper-aware of all the ways that data could be compromised. In any case, I'm glad to hear that your bank has protections in place to protect you against attacks, and it's even more awesome to hear that you are seriously considering your security and making decisions that feel right to you.

  • @Plato‌

    I'm glad you feel reassured about your security :smile:

  • MrCMrC Community Moderator

    Yes, I want protection but I'm not paranoid


    Suppose bad guys take over your company and find a way to retrieve my vault remotely?

    Are these two statements in the same post contradictory? :smile:

  • MrC...

    Naah. How do I know that you're not a bad guy? This is what happens when you worry about everything, such as the answers to the security questions. Like I indicated above, any organization that's holding my money has their procedures in place that protect me.

  • Megan...

    What would you do if you were on vacation without your computer and you had reason to be concerned about your account and you called them on the telephone. Would you remember that "gully-toad-monk" is your father's middle name?

  • Hi @Plato,

    @MrC reminded me of an earlier post of yours that I should have addressed directly:

    Suppose bad guys take over your company and find a way to retrieve my vault remotely?

    The awesome thing about 1Password is that you have complete control over your data. We don't know anything about your data, and quite frankly, we don't want to. Your data doesn't have to leave your computer if you don't want it to, and it is never stored on our servers. There's no benefit to bad guys breaking into AgileBits, because it won't make it any easier for them to get at your data. (We're not even hiding any secrets about our encryption formula: our data format is public).

    What would you do if you were on vacation without your computer and you had reason to be concerned about your account and you called them on the telephone. Would you remember that "gully-toad-monk" is your father's middle name?

    As a person who works in the tech sector, I'm rarely without one device or the other. On vacation, I'll generally have my iPhone (for quick photos) and my iPad (for reading). It's not something I'm concerned about.

    Again, this is about finding the best security fit for you. If this twist on security questions doesn't work for you, that's fine. The best thing you can do for your security is to ensure that you have a unique gobbledygook password for each and every site that you visit.

  • Megan...

    Well before you were born, I was much more of a geek than you can possibly imagine. Now, being retired, I back off a lot especially when on vacation, where I don't even bring my (non-smart) cell phone!

    Just for the record, I was an engineer. In the sixties, I was charged with test, checkout and approval for flight of the CWEA (Caution & Warning Electronics Assembly) on the Lunar Modules that took men to the moon. It's uppermost in my mind right now because I give presentations at local Middle Schools to get the kids excited about hitting the books.

  • Hi @Plato,

    I certainly don't mean to challenge your geek status! ;) That's a pretty impressive career history you have there, and I don't blame you at all for wanting to take a break from technology every now and then. And it's especially awesome that you are helping to get kids excited about learning and technology.

    Keep being awesome!

This discussion has been closed.