Where does this question fit in the world of security today? I’ve seen this question as a means to assist in verifying my identity since I first opened a bank account. I had to physically find a branch and fill out the application in either blue or black ink at the time. Even then, before the world of Google and iPhones, I questioned the premise behind this. I asked the bank manager, “How does this help? Anyone who knows me would know who my mom is and who she was and would know her maiden name as easily as I do.” The account manager told me it was company policy and a mandatory field on the application. I shrugged it off, completed the application, and opened my first checking account. It wouldn’t occur to me until nearly twenty years later that I could have put anything in that field. It was simply a field in a database somewhere that someone would look up if my identity needed further verification.
That realization pushed me through for nearly another ten years, answering these types of security questions with some nonsense that I thought nobody would guess and I would easily remember. After a time, though, another problem started to creep in. The sheer number of online accounts that I had which contained security questions made it impossible for me to remember the answers to all of the unique questions that were asked, including sites that allowed me to create my own! We get stuck in this mindset that everything needs to be unique and that if it’s difficult for us to remember, it’s more secure, and this is not the case. Humans are terrible at random. Our patterns have patterns, and out there somewhere is a computer that is working much harder than I am to figure out what those patterns are.
So what is there to do?
I started using the wallet for my browser years ago, and then as the OS advanced, using Apple’s Keychain for most things, and then recently, I started using a third-party password manager. The particular password manager I use is 1Password. There are many password managers out there, and we might dig into some of these and what the different ones offer at a later date, but for now, I want to focus on how 1Password has helped me solve the particular problem of my mother’s maiden name. I’ve already set up 1Password with the username and password for logging into my atmail cloud account in the following examples.
Leveraging your password manager.
1Password has additional fields that can be configured and used to help generate random strings that you can use to answer these questions and easily retrieve them when needed. Let’s take a look at the account settings page in the atmail cloud as an example. You can find this in your atmail cloud account by clicking on the settings menu next to your account in the upper left-hand corner of the application. From here, click on the Accounts link to open the account settings page.
Next, we’ll open 1Password and navigate to the Vault that contains the details of the account you’re logged in as. From here, you will need to edit the account being used. We are going to create a custom “SECTION” underneath the username and password fields. I’ve renamed it from SECTION to ACCOUNT SETTINGS. I prefer to label mine as close as possible to the site I am using, so if I don’t log in somewhere for a while, I’m not hunting around for the information I need.
Underneath the ACCOUNT SETTINGS section, there are two fields, “label” and “new field”. I’ve used the label field to type out the security question I want to use, and then to the right of this, there is a drop-down menu to select what type of new field it is. I use 1Password’s random string generator to create the answers for my questions by selecting Password from the drop-down menu. I follow this process for the other security questions and then save everything in 1Password.
The next step is to input these random strings as the answers to the security questions in your atmail cloud account. With 1Password open to the account you are using, you can hover over the questions in the interface, which will bring up a copy dialog to copy the hidden string directly to your clipboard. You also have the option to select “Reveal” from the drop-down menu for a visual reference. Now all you have to do is click save in the atmail cloud, and your answers are saved for when you need them.
When you need to retrieve the answers to your security questions, you only need to open 1Password again and copy and paste your answers into the fields when prompted.
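The same idea in code, as an added example that is not part of the original post and is not 1Password's generator: each security question becomes a field label whose value is a unique random string drawn from a cryptographic random source. The function names, the letters-and-digits alphabet, the 24-character length and the sample questions are assumptions made for illustration.

```python
import math
import secrets
import string

# Alphabet for generated answers: letters and digits only, an assumption made
# here so the answer is easy to type or read out if a support agent asks for it.
ALPHABET = string.ascii_letters + string.digits


def generate_answer(length=24):
    """Return one random answer drawn from the OS CSPRNG via `secrets`."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Bits of entropy in a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


def build_account_settings(questions, length=24):
    """Map each security question (the field label) to its own random answer."""
    section = {}
    for question in questions:
        answer = generate_answer(length)
        # Never reuse an answer across questions: regenerate on a collision.
        while answer in section.values():
            answer = generate_answer(length)
        section[question] = answer
    return section


# Constructed sample questions, not taken from any real site.
SAMPLE_QUESTIONS = [
    "What is your mother's maiden name?",
    "What was the name of your first pet?",
    "What city were you born in?",
]

if __name__ == "__main__":
    for label, value in build_account_settings(SAMPLE_QUESTIONS).items():
        print(f"{label}  ->  {value}")
    print(f"each answer carries about {entropy_bits(24):.0f} bits of entropy")
```

The `secrets` module is used instead of `random` because the answers act as credentials and must not be predictable from earlier output.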
Now, this isn’t some breakthrough in technology here. Password managers have been around for some time now, and I do encourage everyone to use one. The real benefit to me is the time saved. The paradigm of security vs. convenience is complicated and different for everyone. For me, finding a way to create, save and retrieve actual random strings to help verify my identity not only saves time by having it all in one place while setting it up, but I also don’t think about it again until I need it, and when I do, it’s readily available. The piece of information that pushed me over the edge to finally using a password manager and ultimately choosing 1Password was an episode of the All Things Auth podcast with Pilar García. I would recommend having a listen.
Need more help with email security?
Do you have a specific need for your organization’s password management? Do you need advice or guidance on using a password manager with email? Our team of email security experts here at atmail are available to assist you with your password management needs and answer any questions you might have.
With 22 years of global email expertise, you can trust us to deliver an email hosting platform that is secure, stable, and scalable. We power more than 170 million mailboxes worldwide and offer modern, white-labeled, cloud-hosted email with your choice of US or (GDPR compliant) EU data centers. Talk to us today.