New Year’s Resolutions with LastPass: #5 Generate Your Answers to “Security Questions”

While the password generator is key for diversifying and strengthening your account passwords, it’s also a great tool for providing answers to common “security questions” for your accounts.

Security answers are often included as a second form of login verification or as part of an account recovery process, most frequently with online financial institutions and email accounts. Although many sites have made an effort in recent years to increase the obscurity of the security questions (at least, we hope they’re generally better than this), the fact remains that the answers to common security questions are more accessible than ever before. Even if you’re not a high-profile target, by generating answers with the LastPass password generator you’ll help reduce the risk that someone may use security questions to compromise your accounts.

When registering for new sites that require an answer to a security question, it’s simple to quickly generate an “answer” and add it to the new site entry stored in LastPass.

Let’s say you’re signing up for a new Gmail account. After going through the set-up process, we go into the account settings to create a security question & answer for account recovery purposes.


After selecting a question from the drop-down options, we go to the LastPass Icon, choose the Tools menu, and open the “Generate Secure Password” feature:
When the dialog opens, you can check “Show Advanced Options” to customize your generated password:

Click “generate” to create a new password with your customized options, then “copy” to copy the password to your clipboard. Go back to the security answer field, and paste the generated password. After confirming that your new answer is accepted by the site, you can go to your LastPass Icon, click on the site name listed at the bottom of the menu, and open the “edit” dialog. Paste the generated password in the Notes, also noting which security question you chose.

If you know you’re using personal information for security answers, set aside some time to login to those accounts, generate a new “answer” with LastPass, and store the update in your site entry. Accounts for online banking, email, social media, and credit cards are all good places to start.

Generating answers with LastPass doesn’t directly affect your Security Check score, but it will improve your overall online security.

Best,
The LastPass Team

22 Comments

  • Goochy says:

    Google Authenticator is the equivalent of those proprietary Bank token calculators…

    Perhaps more and more sites will link to the Google Authenticator if we’re lucky.

  • Increasingly, banks are issuing code verification devices about the size of a small calculator. These are a real PITA. I have two already, and they are not convenient to carry around on top of all of the other widgets I have.

  • Increasingly, banks are issuing code verification devices about the size of a small calculator. These are a real PITA. I have two already, and they are not convenient to carry around on top of all of the other widgets I have.

  • Can someone explain this one to me? If you don’t intend to use a memorable security answer (with which I agree), surely it is safer not to use a security question at all!

    Sure, if a website doesn’t give you that option, using a sufficiently complex security answer is a good way to make sure the security question can never be used to retrieve the password. I get that part.

    But LastPass contains the primary password, so I don’t see the use in storing the security answer there too. If you have LastPass access, you have access to both. If you don’t, you have access to neither. By extension, I don’t see the advantage of an automatically generated answer over some random keyboard gibberish.

  • Goochy says:

    Login security is way too complex. Lastpass helps, but this is ridiculous. Banks, etc. have to take initiative and come up with better and standard solutions… Especially for mobile.

  • ahow628 says:

    Any chance we could get something specifically built into the password saving dialog to perform and save this specific function. I currently have them all saved as secure notes but would love to see them nicely saved and be able to copy them from the browser extensions directly.

    Thanks for LastPass!

    • Amber says:

      Thanks for the suggestion, I’ll pass it to the dev team for their consideration. It does require several steps at the moment, automating it would be optimal.

      Amber

    • Jack says:

      I save the question and answer in the Notes section of the login record. That way when you need the answer, you can just bring up the record in edit mode, select and copy the answer, close the record and paste it into the question’s answer box. I think it’s easier than searching your secure notes, and each answer is located with the associated web site.