In another thread, I mentioned that I prefer not to use any automated password apps. That might be an irrational fear on my part, but it is what I do, and I know I'm not alone.
So I had mentioned a trick I use (I came up with it independently, but I'm sure it was used by others before me), and it has worked well for me. In short, I have a standard "prefix key" and a standard "suffix key" that are somewhat complex, yet easy for me to remember. So for every site that I want to use a fairly secure password, I use the prefix-suffix and a unique middle word for that site.
So if Prefix is "APPLE123
" and suffix is "zebra789
" (but use non-dictionary words for better security), I might use "$LB
" for the middle word (for "Local Bank" - and since the use of 'special characters varies by site, I add any special characters in the middle word). So for my local bank, my PW would be "APPLE123$LBzebra789
". The nice thing is, I can write this down on paper, or on afile in my computer, and all I need is a note to myself for what site it is, and then something like " -- $LB --
", and I know to add the prefix/suffix. If a bad guy gets that file or paper, they won't know what to do with it. I keep the prefix and suffix written down somewhere else, just in case I have a lapse in memory.
Fine, but those pesky security questions.
I was born in a populated city (easy guess). When I was helping my DM with some stuff on the internet, I had to guess her security questions, and the general ones were easy (baseball? chocolate? piano? - you can play Jeopardy and guess the questions!). Many of those specific questions might be discover-able by a motivated bad guy (Mother's maiden name, child's middle name, etc...).
So I borrowed my 'key' idea, and the last time I had to set up security questions, I created a security question prefix. Let's say it was NOYB- (None Of Your Business). So here is how my security challenges are now answered:
What was the name of your best friend in high school?
What street did you live on in grade school?
What city did you meet your spouse?
and so on...
I think I can mange to avoid a too similar question set (like the city you were born and the city you were married) if the site does not allow the same answer for two different questions (but those could be the same anyhow?). So this should work. Heck, if it was a human and you slipped and said "NOBY-married" instead of "NOYB-city", I'd hope they'd figure out that nobody else would have said "NOYB-anything
", so that would be good. A computer would see them as different though.
So I will do continue to do this in the future, maybe even go back and change the ones that I can. Anyone see an issue? Suggestions?