How do you store your security questions?
I hate security questions just as much as probably every other 1Password user does, and I tend to generate random strings for answers. I've been storing these in notes, or sometimes as "text" fields named "question" and "answer", but I'm wondering if there is a supported method for entering these, since they kind of go together as a set. Pasting into the notes field is probably the easiest solution but I do like the way that the password field gets special treatment in the way of history (aka you can see the previous values).
Is there a better method for doing this? If not, I would love to see it on the product roadmap.
Apologies if this is widely discussed but I looked at a few threads that came up in search and didn't find any that talked about anything other than just using the notes field as a dumping ground for blobs of text.
Thanks everyone! Happy passwording ;)
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @ehed,
Thank you for taking the time to contact us! We always love to hear more about how people use 1Password and what they'd like to see! Reading your post brought back memories of all the crazy strategies I used to have for security questions many years ago, before 1Password saved the day! I feel like a lot of sites are moving away from that system, and implementing alternate safety nets instead (like another email or a cellphone number). Hopefully we won't have to deal with security questions for that much longer.
I also use the Notes section to store my questions and answers, so I'm on your boat! I'm curious to know why you'd like to have a history for security questions, would you mind expanding on that? I think I set it up and never look back at it, so I'd like to hear your take on that. :chuffed:
0 -
Hi @ehed,
I didn't think of talking about this when I answered earlier, but I'd like to tell you some of the awesome things you can do to customise your items. While you mention that sometimes you save the questions as text fields, you can go beyond that.
For example, when you create a new Login that required a security question, you can create a new Section for it so it's easy to find". You can then add a new line of plain text for each question, and a password item for its answer. If you need to input the answer at some point in the future you'd be able to copy it with one click. I've created an example login with a couple of security questions stored this way so you can take a look at it and see if you like it!
Please let us know what you think about it! :chuffed:
0 -
Thanks Pilar, this is exactly what I was hoping to find! I guess history isn't that important, just seems like question-answers are a pair of items that go together and pasting them into a text field felt inelegant. But the solution you provided is perfect.
I wish these security questions weren't on the rise but this year I've been forced to create them for so many sites, I feel anecdotally that they aren't on the way out :(
Thanks again!
0 -
Hi @ehed,
I’m glad that Pilar was able to help you out! I do the same thing for my security questions, although I’ve taken to using 1Password’s wordlist generator when creating new ‘answers’ to these questions: I had a situation once where I had to call in to verify my account details, and it wasn’t the simplest thing to explain to the support agent on the phone that my father’s middle name was e294Q6HCka2uXDo2xq. ;)
0 -
Haha, great point Megan! I guess that's why this seems like it might even be a good feature to build in, since they are a little different than ordinary passwords :
- they are a set of fields (question, answer)
- It's generally better to use words (default password generation type to "word")
- They are fairly common (alas)
Anyway thanks again for the tips! I've been using 1Password for so long now, i can't imagine being w/ out it. :)
0 -
Hi @ehed ,
Until we take over the world and abolish security questions in favour of simply using strong, unique passwords for every site, having an even better solution for storing security questions in 1Password seems like a reasonable alternative. I’ll let our team know you’re interested in seeing something like this!
And thanks so much for your kind words about 1Password, have a great day. :)
0 -
Yes please! I would love to have 1Password recognize when a security question was being asked, look up the question to see if I had answered it before. If so, autofill with may saved answer. If not, let me generate a random response and save it it.
Far from seeing fewer of these useless things, I am seeing more and more of them. My bank makes me change them every couple of months, and prompts for an answer every time I login on a new device. The copy/paste from 1Password technique gets old fast.
0 -
@bhawthorne: Likewise. This is unfortunately all too common. Equally unfortunate, there isn't any standard practice for this, so there isn't much for 1Password to build on to recognize these. Hopefully we'll be able to find a solution in the future though.
0 -
I understand that recognizing when a security question/answer pair is being set and auto-storing that is difficult. But even if I have to do that part manually for now, it would be great if Agile could give me some help in responding to challenges. That part is much easier.
Here's what I am doing now:
1. I manually create a new field in the Web form details for each question. The label is the text of the security question/challenge itself. The field is marked as a password type, and contains the answer/response.
2. When I am presented with a question/challenge, I go to the 1Password icon, and show web form details for the appropriate login item. Then, I scan down the list of questions to find the right one, click to copy, then paste it into the answer form.Here's what Agile needs to do to make life easier:
1. Display long labels better. Currently they cut off after about 7.5 characters.
2. Create a new "security questions" section that contain questions/answers that always display below the username/password, so I don't have to click "show web form details".
3. If I have stored a field with a name (e.g., "What was the name of your first pet?") that exactly matches text on a web form, autopopulate the text entry box with the matching answer, so I don't even have to open up 1Password and go searching myselfThe autosave feature for new questions/answers is harder. I would love to see a new setting: "Detect new security questions and answers and offer to save them." But I understand that detection is non-trivial. Still, even if you got 80% there by looking for the keywords "Security question" on each form submission, and then guessing at what text or form field represented the question that applied to each answer given, that would be huge! In fact, even if you couldn't automatically guess the question, and just filled in the question label with "Question 1" and saved the answers, that would be a giant step towards implementing this feature.
I guess what I am arguing for is giving us something soon, rather than waiting for the full problem to be solved. After all, isn't that what "agile" is all about?
0 -
I guess what I am arguing for is giving us something soon, rather than waiting for the full problem to be solved.
And that may be fair. I'll certainly pass the suggestion along to the team for their consideration. It is possible to get into a cycle where you're constantly trying to improve something to a point where you shoot yourself in the foot by never releasing anything. But we aren't there yet (or, even close). We're still in the brainstorming phase.
After all, isn't that what "agile" is all about?
I'd argue that being Agile is about flexibility, not releasing half solutions. ;)
Ben
0 -
It's great that we can so easily add custom sections, labels and values to an individual password entry but manually repeating this process across the 100s of websites that require security questions is time consuming and error prone. It would be great if we could add a custom sections and labels to the template for a category (e.g. "Logins") so the section would be consistent and ready to go when we need it.
0 -
Thanks for the suggestion @bob_smith!
Ben
0 -
I put them in the note section. Since I am able to put the answers down in a secured app, I also lie. I never thought about making sections for this. Not a bad idea, but there are days I am just lazy :p
0 -
Ha. I'm the same way. Certainly using custom sections/fields for this are a much more elegant approach, but in practice I just use the Notes field too. It's just easier. :lol:
0 -
Can someone please give me step by step in creating the security questions with answer. I cannot find it.
0 -
@jb123: It isn't really possible to go all the way step by step since the process will vary between websites (and platforms), but generally speaking you can use the password generator to create crazy "security" questions and answers:
My security question. Can you guess the answer? Okay, not really.You'll note that I've disabled symbols since these are usually not allowed in these forms. The most important step is to save each of these to your login as you use them so you don't lose them. For example,
Security Question A: x8vFy76mv6j26vqTw3vstqw2q3t9iJ
Security Answer A: M92Pn99EkrTt9cLheWBu83wrA74zj4
Security Question B: citrus tonal chromo errata fortuity convoy economic
Security Answer B: repine anyways chandler electric wriggly done eliteI've also used different methods for A and B: "characters" and "words". Characters are better security-wise, but the reality is that words are often a better option in practice for security questions/answers since these may need to be read over the phone to someone, and in those cases words save everyone involved a lot of agony. ;)
My example item. There's no right or wrong way. Just do what works for you.I hope this helps. Let me know if you have any other questions! :)
0 -
(I hate these back doors, but many sites force them on you.)
I wish there was a way to automatically have the whole "Security" Questions section set up like Pilar's screen shot (except, I would label them Question 1, Answer 1, Question 2, Answer 2, Question 3, Answer 3). That way I would just have to type in each question and generate each answer.
The best solution would be if the section was just automatically there under each new Login created (like notes and website already are).
If not, then an option to make this type of section when making a new section (similar to how you can choose different item types there could be different section types to choose from).
If 1Password was more aware of these questions (instead of us each individually making generic text-password items to use for this purpose), then the problem from this thread could be solved: https://discussions.agilebits.com/discussion/76888/combining-a-login-with-answers-to-security-questions -- 1Password could look for the text of the question (instead of looking at the html like it does for passwords) and nearby form field to decide when to auto-fill the answer.
0 -
@Zachariah: Oh wow. I had to reread my post to refresh my memory! :lol:
(I hate these back doors, but many sites force them on you.)
Amen. Fortunately while they do crop up from time to time, I don't see them as often as I used to.
The best solution would be if the section was just automatically there under each new Login created (like notes and website already are).
We don't see a lot of requests like that since custom fields allow this and a lot more flexibility, but it's certainly something we can consider adding in a future version. Cheers! :)
0