Uncategorized

Your mothers maiden name

When registering security details with a new account, you might be asked to answer a set of security questions. Think about this for a second. How many places across the internet has this information been posted already? Maybe you’ve registered this information in other sign-up processes, or maybe you’ve inadvertently shared this information on social media, maybe even publicly? If the answer to either of these questions is yes, then maybe we want to use alternative details. But then you’re into having to remember what you’ve entered where, and it just becomes a total nightmare. This is where password managers can really come in handy.

Using your password manager to handle security questions

All password managers come with password generators, and the ability to attach notes to specific accounts. I use this functionality to set some random strings to these details so they are 1) unique across all sites, so if one account is compromised I don’t have to worry about any others 2) if people discover my information through social media or social engineering, again I’m fine.

So for example, it literally takes a minute to generate and save this information to an account in my password manager:

favourite colour?!pKA3emfNKWm[=h#m=,~Q+HR>-)g$Y’:/[K=bR
first carm4%JG\2Zg]v,D+:.@Yy>t=jXd.Ycr’n[2
mothers maiden nameE)jdaj=z%.#^Z{b?f!BuA%[8z3Ee~yUv}4r@5bfA
favourite places*5LEU~a3m[GVT%gY{2A8xQ=bV]’QYQ7s^[VN.N
first street I lived on&j>”&&UwZqNT:_K>LSn7;^cPnGLf},\<L8S~b5

What you often find is that application developers have set rules on these fields to prevent strange characters or limit answer length. Neither of these practices are particularly helpful, but it’s simply a case of adjusting the settings when you’re generating those passwords. So for example:

MFA MFA MFA

Now arguably this makes my password manager even more sensitive, so it’s critical that I use one that provides MFA sign-in to the password manager itself. But I find this approach works really well, and I don’t have to worry about accounts getting compromised through other sites being hacked or my details being discovered.

You only need these details very occasionally, so this doesn’t make life any more difficult day to day, and it limits the impact of some of the common attack vectors against my identity.

Leave a Reply

Your email address will not be published. Required fields are marked *