Chris mentioned on Twitter the security risk associated with security questions. This sounds counterintuitive, but most of the security questions companies ask you in order to reset your password are things that are easy to find if you know where to look. And the criminals who want your data usually know where to look. This struck me as really odd. I never tell the truth on these kinds of questions. In fact, I don't know the answer to most of my security questions. But 1Password does. I have taken to using the 1Password Strong Password Generator to generate long random passwords with no numbers or special characters. (These would likely not be allowed in an answer to a security question.) So, when websitex.com asks me for my mother's maiden name, they get something like this:
So, in addition to not remembering my passwords anymore, I don't remember my security questions either. I store this information either in the "Password History" section of 1Password or better yet in the notes field of the login that the security question belongs to. Sure, this takes a little time to set up for each account and I haven't gone back through most of my old accounts to change these, but when setting up a new account, I definitely take the time to add an extra layer of security to my online life.
