Ideally you still want it to be something you’ll remember, unless you’re using a password manager capable of tracking those for you.
The mistake that guy made is that he still chose a name he had some attachment to. You want to make sure you choose something you have no attachment to whatsoever.
And then never reuse the same answer between different services, just in case one of them is storing them as plaintext.
what you are describing is password and we use wallets for these. the problem is, that various services intentionally presents “security question” as sort of a fallback for when you forget the password, because you wouldn’t forgotten your first pet’s name, right? it is fundamentally wrong approach.
what you are describing is treating the “security question” as second password, which is possible, but kinda pointless. if you have good password stored in the wallet, it is safe and you won’t forget or lose it. and if you lost it, it is probably because you lost access to the wallet, so saved security question you treated as a second password and stored in the same wallet is kinda useless now.
I’m just recommending that folks treat the answers to the security questions, at a minimum, like they treat their passwords themselves. The security questions are a way around the password, and so they should be kept just as secure and hard to guess.
If you’re using a secure password manager, great, that’s exactly the best approach. The majority of people don’t, which is where this sorta thing becomes an issue. If you have a password manager and the service you’re using forces you to answer security questions, of course you can let the password manager generate something just as random as the password itself (provided it can remember it and can track which term corresponds to which question). For anyone who does not, it’s just important to choose something you’ll remember but no one who knows details about your life can simply guess. Otherwise it doesn’t matter how secure your password is.
Ideally you still want it to be something you’ll remember, unless you’re using a password manager capable of tracking those for you.
The mistake that guy made is that he still chose a name he had some attachment to. You want to make sure you choose something you have no attachment to whatsoever.
And then never reuse the same answer between different services, just in case one of them is storing them as plaintext.
what you are describing is password and we use wallets for these. the problem is, that various services intentionally presents “security question” as sort of a fallback for when you forget the password, because you wouldn’t forgotten your first pet’s name, right? it is fundamentally wrong approach.
what you are describing is treating the “security question” as second password, which is possible, but kinda pointless. if you have good password stored in the wallet, it is safe and you won’t forget or lose it. and if you lost it, it is probably because you lost access to the wallet, so saved security question you treated as a second password and stored in the same wallet is kinda useless now.
I’m just recommending that folks treat the answers to the security questions, at a minimum, like they treat their passwords themselves. The security questions are a way around the password, and so they should be kept just as secure and hard to guess.
If you’re using a secure password manager, great, that’s exactly the best approach. The majority of people don’t, which is where this sorta thing becomes an issue. If you have a password manager and the service you’re using forces you to answer security questions, of course you can let the password manager generate something just as random as the password itself (provided it can remember it and can track which term corresponds to which question). For anyone who does not, it’s just important to choose something you’ll remember but no one who knows details about your life can simply guess. Otherwise it doesn’t matter how secure your password is.