Your Answers to Security Questions Should Be Random, Too

At LastPass, we often reiterate the need for randomly generated passwords to increase your online security. One feature that often gets overlooked is the security questions that your sites and services may have you fill out as you register.

In theory, security questions are slightly more obscure but still personalized questions that you create answers for, and those answers later help you “prove” your identity when recovering access to an account or contacting a customer support team. However, the questions can create a security loophole. On top of the increased risk, if you’re using a password manager to store your passwords, there’s no reason you should have to go through the recovery process.

That’s why we recommend “generating” your answers to your security questions, or creating falsified answers that you can then securely store in LastPass for reference. This ensures that security questions cannot be used against you should someone try to gain unauthorized access to one of your accounts – this is how Sarah Palin’s email was hacked, and how other individuals have fallen victim to violations of their personal privacy.

It’s easy to get started with random security answers when you’re registering for a new site. When you’re presented with a question, simply click the LastPass icon in your browser and select the “generate a secure password” option. You can click the “advanced options” box to customize the characters, and even make the password pronounceable.

You can then use the “copy” option to copy-paste the password into the answer field for the question, and submit the information on the site. Once you’ve saved that site to LastPass, ensure you’ve also pasted the generated password into the “notes” field in the edit menu for the site entry, indicating that it’s the security answer for your account.

If you know you’re using personal information for security answers, set aside some time to log in to those accounts, generate a new “answer” with LastPass, and store the update in your site entry. Accounts for online banking, email, social media, and credit cards are all good places to start.
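What “generating” an answer amounts to, shown as an added example that is not LastPass code: each answer is drawn from the operating system's cryptographic random source and sized to a target entropy, with a pronounceable mode for answers you may have to read aloud. The alphabets, the 80-bit default and all function names are assumptions made for this sketch.

```python
import math
import secrets
import string

# Assumed alphabets for this sketch; the LastPass generator's options may differ.
FULL = string.ascii_letters + string.digits   # 62 symbols
CONSONANTS = "bcdfghjklmnprstvz"              # 17 consonants
VOWELS = "aeiou"

def bits_per_unit(pronounceable):
    """Entropy of one character, or of one consonant-vowel syllable."""
    n = len(CONSONANTS) * len(VOWELS) if pronounceable else len(FULL)
    return math.log2(n)

def units_needed(target_bits, pronounceable):
    """Smallest number of characters (or syllables) reaching target_bits."""
    return math.ceil(target_bits / bits_per_unit(pronounceable))

def generate_answer(target_bits=80, pronounceable=False):
    """Random answer from the OS CSPRNG, sized to target_bits of entropy."""
    n = units_needed(target_bits, pronounceable)
    if pronounceable:
        return "".join(secrets.choice(CONSONANTS) + secrets.choice(VOWELS)
                       for _ in range(n))
    return "".join(secrets.choice(FULL) for _ in range(n))

def answers_for(questions, target_bits=80, pronounceable=False):
    """One independent answer per question, plus text for the notes field."""
    answers = {q: generate_answer(target_bits, pronounceable) for q in questions}
    note = "\n".join(f"Security answer for '{q}': {a}"
                     for q, a in answers.items())
    return answers, note

if __name__ == "__main__":
    # Constructed sample questions.
    qs = ["What city were you born in?",
          "What was the name of your first pet?"]
    _, note = answers_for(qs, pronounceable=True)
    print(note)
```

The pronounceable form needs more characters for the same strength: 13 syllables (26 letters) against 14 mixed characters at 80 bits.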

Have a question you’d like to see answered by the LastPass team in a blog post? Let us know in the comments or send us a note at marketing[at] If we choose your question, you’ll get a T-shirt!


  • amsomr says:

    I have never used this featured option yet on my LastPass vault.
    Thank you.

  • Gryzor says:

    Random passwords? How about the argument for non-random, but longer passwords? This has always bugged me with LP’s random pwd generation…

  • Steve Burns says:

    I’ve been a LastPass user for a couple of years now and I love the product. That said, why not add functionality to the product to allow us to add in the site security question and corresponding answers rather than copy/pasting this into the Notes section?

  • I just lie. When asked for my mother’s maiden name, I might say “Hitler”.

  • What if LastPass gets hacked and my passwords get stolen? What steps would the LastPass team take in that case?

  • Anonymous says:

    I wish I could at least choose a good random password for my bank. My bank will only let me have 8 characters and no special symbols.

  • Anonymous says:

    Another approach which I like a lot is to use an answer that has absolutely nothing to do with the question. Pick a word, or several words, that you can easily remember – you may use a few, and assign them to different categories of questions. For example, for any question about a city (What city were you born in? What city did you meet your partner in? What city were you married in?), you might answer with “bananas”. For questions about animals (What’s your favorite animal? What was the name of your first pet?), use “submarine”, for example. Mother’s maiden name, father’s middle name, person you took to prom – “chevrolet”.

  • Anonymous says:

    Often I have to read my security question over the phone (e.g. every time I call my financial advisor). In these cases I use a different random phrase generator that picks N random English words. Makes for a slightly less awkward phone experience. Just pick a large enough N that you are comfortable with that level of entropy.

  • Anonymous says:

    Excellent advice. I started to do this just recently by making up untrue answers to the secret questions. I did not know that LastPass can create pronounceable passwords.

  • Johan Klos says:

    Yeah, I hate it when a site requires you to answer a secret question. In my opinion, the ONLY valid reason for a secret question is to answer it before sending a password-reset link to the registered email, NOT to change passwords or anything else.
    But yeah, I make the answers themselves a strong password which has nothing to do with the question. Adding it to the notes would work as well, of course :D

  • Anonymous says:

    And you expect what for free? Rotate your master password with a very complex password every thirty days and then add 0613 for the June update, 0713 for July and so on.

  • Anonymous says:

    Actually, I wish there would be first class support for this in LastPass. Now I have to manually generate and save the answers. There should be an option to automatically save and auto-refill if required.

    • Anonymous says:

      Totally agree! It’s kludgey to have to use the “generate PW” tool and then copy-paste. I would like to see a feature which generates answers to these questions and enters them for us automatically, as LP currently does our PWs.

    • Anonymous says:

      It does, you press accept after generate, then it autofills.

  • Unknown says:

    Second the different level of security. How about the master password then a 6-digit PIN to access your extra secured things?

  • Anonymous says:

    This is a rather bad idea as the notes don’t require re-entry of your master password. I’d like to see real support from LastPass to store extra sets of credentials _securely_ within that same account entry.

    • Amber Gott says:

      As long as you select master password reprompt for the site entry, or as a universal option when editing all entries, it should address this concern?

  • hazclan13 says:

    Guys, I have been telling people to do this for 6+ years!
    Amazing that your service now offers it through the management interface!