Secret Questions is a knowledge-based authentication service. Users can verify their identity by answering a set of questions that only they know the answers to.
Some examples might be:
- What is your favorite pin code?
- What are the last four digits of your bank account number?
- What was your favorite place to visit as a child?
- What was the name of your family’s first pet?
When a user enrolls with the Secret Questions identity service, they must select questions from a predetermined list and provide the answers to them.
Then, when the user authenticates using Secret Questions, they are presented with the questions they chose during enrollment. They must answer these questions correctly, in order to authenticate successfully.
Configuring Secret Questions
As an administrator, you can configure the settings for the Secret Questions identity service. You can decide:
- How many questions a user must answer before they can authenticate successfully.
- The number of incorrect answers a user can give before being locked out.
- The length of time a user is locked out for, if they fail to answer the Secret Questions correctly.
- The minimum character length per answer.
- Whether answers are verified during enrollment
- Whether all answers per user have to be unique
- The language of the questions.
- If you want to include any custom questions.
Number of questions to answer
You can specify how many questions a user needs to answer, in order to authenticate successfully. This can be done by dragging the Number of questions to answer slider. The minimum number of questions that can be answered by a user is 1 and the maximum number is 10.
Number of allowed failed answers
You can specify how many failed answers a user can submit, before being locked out of the Secret Questions identity service and prevented from authenticating, by dragging the Number of allowed failed answers slider. The minimum number of incorrect answers can be between 1 and 10.
Example: Drag the slider to 10, if you want a user to be locked out after giving 10 incorrect answers to a question.
Lockout duration in minutes
If a user has given the maximum number of failed answers, they will be locked out and temporarily prevented from authenticating with the Secret Questions Identity service. You can specify how long they will be locked out for, by dragging the Lockout duration (min) slider. The minimum amount of time a user can be locked out for is 15 minutes and the maximum amount of time is 1440 minutes (24 hours).
Minimum allowed length for answers
You can specify the minimum character length for each answer, by dragging the Minimum allowed length for answers slider. The minimum character length for an answer can be between 1 and 10 characters.
Verify answer during enrollment
You can set wehther or not the answers are verified when users enroll.
Require unique answers
By default, users are allowed to enter the same answer for all of their own questions. By checking this settings, users will have to enter unique answers for their questions. When entering the answers for the first time, users will receive a warning when the answer is not unique. Note that answers have to be unique for that particular user. Answers do not have to be unique across different users.
Selecting the questions
Under the Questions tab, you can select the questions that will be available to your users when they enroll. You can use the default questions already provided, create your own custom questions, or choose a combination of the two.
A required question is compulsory a question that users must enroll with and answer when authenticating. To a make a question required, select the Required checkbox to the right of the question.
Removing questions from the list
If you don’t want a question to be made available to users during enrollment, remove it from the list by clicking the Remove the question icon.
The default language for Secret Questions is English, however, you can reproduce the same set of questions in multiple languages. This is particularly useful if your organization has employees in different locations all over the world.
Example: If your organization has offices in U.S.A, Denmark, and France, you can replicate the same set of questions in English, Danish and French.
To add another language, click the Add Language drop down and select it from the list. A set of questions will appear in your selected language, in a tab on the right-hand side of the screen.
Example: If you select Danish, a tab containing Danish questions will appear on the right-hand side of the screen.
To change the default language to one of the other languages you have selected, click the Set default language drop down and select a language from the list.
Example: If you select Danish, it will replace English as the default language.
To create a custom question, click the Add custom question button and enter the text for the question in the text box.
You can revert to the default settings at any time, by clicking the Revert to default settings button.
Saving the configuration
When you have finished configuring the settings, click Save.