Best Practices for Security Questions
I'm posting this because a friend lost control of his 1Password and I'm seeing firsthand what a potential disaster he has in front of him.
At the outset, let me make clear that this is NOT a hack of 1Password, but really a problem of the category of password manager. Again - this was NOT a 1P hack.
Essentially, someone installed malware on his PC, captured his 1P password, and downloaded his 1P files (from Dropbox or local copies, not that it really matters). So now someone is sitting on all of his important info, including the obvious stuff, but also pictures of driver's licenses, passports, social security cards, etc. I have all of the same stuff in my 1P, and I'm now extremely nervous about it. I'll probably move all of these documents out to an encrypted archive with a different pw that I don't keep in 1P.
But the biggest problem here is the security questions. We both make the answer to each security question something unique like "sldfjkipsdup9wu98yf7sdgfsdg" and then store that in the notes in 1P. So, now the hacker has the username, password, and answers to security questions. Obviously, he has been changing his passwords and security questions non-stop since he discovered the problem.
I'd like to find some good scheme for keeping these separate, under separate password, but still generally accessible.
I could have a separate vault that I don't link (not exactly sure how to do that, but I assume it's possible).
I could use a different password manager for second level security only.
I could make a locked PDF of my security questions, and keep that in 1P (pain to update though, and I'd have to keep the original somewhere, like in an encrypted DMG on my Mac).
I really think 1P is one of the best apps ever and can't imagine how I conducted business before it (insecurely, for sure). But the flip side to it is, of course, if you lose it, you lose everything. I really need a way to make some data deeper and less accessible to myself and to hackers.
Anyone have a good strategy?