Don’t Use Password Reminders

Never make use of password reminder questions that most web sites require when registering new user accounts.

Why?  If you register an account at CompanyA.com, and CompanyB.com has the same questions, then those companies will have access to your account at the other site.  As more and more web sites require these ineffective questions there exists more potential of abuse of this private data.  Many of these sites use the same pool of questions.  Even if you use the less frequently used questions or get to make up your own question/answer pairs we believe that nobody should have access to this sensitive data.  All of these questions and answers collectively tell a lot about your life.  Do you really want everyone to know what you ate on your first date with your first girlfriend in your first car?

But most sites require I have these questions …

What we do is make up answers to all of these questions.  Never give real answers.  Since we know our passwords and will never forget them (thanks to metaPassword) we don’t need to use those silly password recovery questions.  We do, however, record the questions and answers as a precaution.  One particular mega-company (hint: it’s fruity) actually requires you answer these questions to reset your password even if you can provide boatloads of other information.  Just record the questions and answers in an encrypted database such as KeePass in combination with metaPassword.


Another option is to use metaPassword to create the answer for you! Simply type the site name into the Site Name field in your usual format (such as “mywebsite.com”) followed by a space and then the security question in a normalized format (something you will remember).  As long as you consistently use the same format it doesn’t matter how you enter the question, because you will always get the same resulting Site Password.

For example, for the security question, “What was your first car?” you could enter “what was your first car” after the Site Name:

Site Name:

mywebsite.com what was your first car

This will give you a password of “j+LipzZ91a” using a Master Password of “password” (obviously, a poor choice for a password!). You would enter that into the answer field for that security question.

You have just increased the security of your account using the functionality of metaPassword!