Security questions must die

Yesterday I got locked out of my bank because I couldn't remember what my favorite zoo animal was. I now have access again and have a new set of 10 security questions which I've saved as a new "login" but what a major pain.

It's a separate item from the regular item with my login. Is that how security questions are best handled, saved as a separate item? Or can i(or should) it be all combined in one item?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • jxpx777jxpx777 Code Wrangler 1Password Alumni

    @Nunuv Yurbiz I tend to agree with you; security questions are a huge pain. The way you handled them can work, but it has a similar problem as password reuse in that if someone were to figure out your list of security questions, they could potentially reset logins for a lot of sites. I handle mine slightly differently. Here's what I do:

    I create a new section of fields inside 1Password and I name it Security Questions. Then, I add a field per question with just enough information to remind me what the question was. For instance, I don't call it "What is the name of your first boyfriend or girlfriend?" because the end of that will get truncated. Instead, I just say, "Girlfriend". Then, for the field itself, I set the type to password and generate a new password using the word list generator. I usually set it to 3-5 words with no separator. As a result, I have a lot of logins that have sections looking something like this:

    It's tedious for sure, but it is the best way I have found to use unique security question values across multiple sites and to know that the site where I have these security questions is using the made up values instead of it being an old site where I actually told the truth. The other benefit to this approach is that it allows for quick keyboard ninja copying: Option-Command-\ to bring up 1Password mini. Since I'm on the site, it has my logins list narrowed down already. I arrow to the account I'm logging into (if needed—often it's just one account), right arrow to the details, down arrow to the question I'm being asked, and return to copy the value. 1Password mini disappears and my cursor is usually in the field ready to paste.

    I hope that helps! I'd love to hear if you have a better workflow I can borrow for this kind of thing! :chuffed:

    --
    Jamie Phelps
    Code Wrangler @ AgileBits

  • On a Mac, after answering all the questions, I use screen copy (shift-command-4), then I paste the file into the login entry for the web site. this works if the questions are all on one page.

    Security questions must die is my sediment too.

  • edited February 2016

    @jxpx777 That is tedious, but would work - on a Mac. Quite difficult on an iPhone, I would imagine.

    In the meantime, I moved my money out of that account. :)

    I do need to get better with working the keyboard to access 1Password, though. And I had not noticed the word generator feature. Neat.

  • jxpx777jxpx777 Code Wrangler 1Password Alumni

    @Nunuv Yurbiz My pleasure! I'm glad the post helped. I've done the security question dance on iOS before. You're right that it is slightly more tedious than on Mac, but I find that mostly a function of how much faster I am at performing actions on the Mac with a keyboard than I am on iOS with all its tapping and swiping and the screen size. Your mileage may vary of course. :)

  • @jxpx777
    I've been using your method, and it works well enough (I still dread trying to do it on an iPhone). But now I'm at united.com and they are forcing me to setup five security questions - and I can't choose my own answers. Answers are limited to what they offer in drop down menus. It's not even like they provide an answer from an unknown list - the list is right there. It's like they WANT people to break into accounts. I don't get it.

    I tried to pick things randomly (questions and answers) but still, that's not a lot of possible combinations.

  • jxpx777jxpx777 Code Wrangler 1Password Alumni

    @Nunuv Yurbiz That's pretty terrible… I'm sorry you had to deal with that situation. I've certainly seen the case where one has to choose from a limited list of security questions but never a limited set of answers. That just seems bizarre…

  • I always copy questions & answers for security questions in my 1Password login item note field.
    I also always generate the answers with 1Password generator ex. 10 digits QcqksYPtKY, so by this way it's impossible to gess your answer.
    You're asking for security, stay safe and coherent all during the chain.

  • Hi @webregnet,

    I too used to use the note field but then got excited about the prospect of using custom fields. They have two advantages in my opinion over the note field but it really is personal taste when it comes down to it. The two advantages that I see are

    • You can set the field type to password so the answer is normally obscured. I just think it looks nice :smile:
    • With each answer in its own separate field when you bring the item up in 1Password mini you can click on the field to have that answer copied to your clipboard and all in one click. Basically it removes the need to muck about with selecting the block of characters before using the keyboard shortcut ⌘C. I find that easier but again it's a preference thing.

    As for security questions where you can't define your own answer, words fail me.

  • (Thread back from the dead)...

    Anyone found a way to add custom fields that get recognized when you return to the site in question--thereby allowing a quick autofill?
    It seems like a lot of sites don't use the same field name consistently, busting 1P's ability to autofill...

  • brentybrenty

    Team Member

    (Thread back from the dead)... Anyone found a way to add custom fields that get recognized when you return to the site in question--thereby allowing a quick autofill?

    @gottaquestionboy: It isn't possible since 1Password doesn't understand the custom fields you create, therefore it has no idea where to fill them either. It's something we very much would like to be possible in the future, but it's a difficult problem to solve elegantly.

    It seems like a lot of sites don't use the same field name consistently, busting 1P's ability to autofill...

    You're preaching to the choir! It's something we struggle against every day, but 1Password is better for it. It isn't perfect, and perhaps it can't be, but we're always working to improve it. If you're having trouble with specific sites, be sure to let us know so we can help! :)

  • "Back From The Dead"
    Just discovered this thread as I was pondering how to solve my problem with 1P …
    My bank uses a 10 character "Secret Word" and when logging in, I am required to enter ⧈Char1 ⧈Char3 ⧈Char7 or ⧈Char5 ⧈Char7 ⧈Char9 etc. while I can usually remember my Secret and have ten fingers to count, I wish there were some way to do this with 1Password.

  • PilarPilar

    Team Member

    Hi @rjh,

    That sounds like an annoying feature from your bank, but maybe the notes section can help you make a grid that will help you do this faster! I think a little grid like this on the Notes section in 1Password could help you! Keep in mind that you can click on the anchor of your item so you can keep it visible while you find the appropriate characters!

    Please let us know if this solution helps you :chuffed:

  • @Pilar
    That looks as if it could work. Thanks for the suggestion!
    However that would bring us back to the subject of the floating widget for Android …

  • brentybrenty

    Team Member
    edited June 2016

    That looks as if it could work. Thanks for the suggestion! However that would bring us back to the subject of the floating widget for Android …

    @rjh: I'm glad that helped! We're working on bringing the Large Type feature to all platforms and improving it, and perhaps there's more we can do in that vein as well. Thanks for the feedback! :chuffed:

This discussion has been closed.