security questions

Does anyone have any guidance/best practice recommendations about rotating security questions for accounts?

I know routine/periodic changes to login passwords are no longer recommended. Besides, since servers store these as hashes and if your password is strong enough, its hash would be resistant to precomputation.

However, I would think that most types of security questions, by their nature of having to be read by humans, can't be stored encrypted.
So in the event of a server breach, these passwords could be potentially exposed as plaintext.
I really hate them - terrible for security, but unfortunately many sites require them for online access.




  • danco Senior Member Community Moderator

    Since the answers do not need to be true, you could use separate answers for each site, and save your answers in the notes section of your 1PW entry.

  • Indeed. I (often) use randomly generated "memorisable passwords" of a few words as answers to the questions.

    I store them as custom fields of type password, so they are even hidden in 1Password by default.

  • Ben AWS Team

    Team Member

    That is what I do as well. :) As for rotating them... I would likely only consider doing that if the site reported a breach.


  • I appreciate the responses.
    I also do store them as random/unique passwords in custom fields and copy/paste them into the sites.
    I wish I could autofill them but there doesn’t seem to be an easy way to do that...

    Thanks again
