Configure Security Questions
Security Questions authentication policies support authentication of the user by validating responses to defined security questions, such as the user’s mother’s maiden name, a personally notable date, or the make of the user’s first car.
- When you create a security question prompt, it is added to the security questions prompt group (that is, a set of the relevant prompts).
- When you set up a Security Questions authentication record for a user, you enter responses provided by the user to the Security Questions to a required number of prompts from this group.
- When the user subsequently attempts to authenticate using that authentication record, only the prompts for which the user has provided Security Question are presented.
There is no constraint on the number of prompts that you can specify in the prompt group for a specific Security Question authentication policy.
You configure security questions using the ActivID Management Console.
The ActivID Appliance base dataset contains predefined security questions.
Code | Name | Prompt |
---|---|---|
PR_1ST_JOB | First job town | In what town was your first job? |
PR_ANIMAL | First stuffed animal | Name of your first stuffed animal? |
PR_BR_BDAY | Youngest brother's birthday | Your youngest brother's birthday |
PR_CAR_CLR | Color of your first car | Color of your first car |
PR_CHILD | Middle name of your youngest child | Middle name of your youngest child |
PR_E_SCHL | Elementary / primary school name | Name of your elementary/primary school? |
PR_FRIEND | Favorite childhood friend | Name of your favorite childhood friend |
PR_LICENCE | Driver's license number | Last 5 digits of your driver's license number |
PR_MEET | City you met your spouse | City you met your spouse/significant other |
PR_MEMPHR | Memorable phrase | Enter a memorable phrase (greater than 12 chars) |
PR_MEMWRD | Memorable word | Enter a memorable word (greater than 8 chars) |
PR_NICK | Childhood nickname | Childhood nickname |
PR_PHONE | Childhood phone number | Childhood ph num including area code |
PR_PLACE | Nearest sibling's place | Where does your nearest sibling live |
PR_SECRET | Street number of the house | Street number of the house you grew up in |
PR_SIBLING | Oldest sibling's middle name | Your oldest sibling's middle name |
PR_TOWN | Mother and father's town | City or town did your mother and father meet |
Create a Security Question
-
Log on to the ActivID Management Console as an ActivID Administrator.
-
Select the Configuration tab and, under Policies, select Authentication and then Security Questions.
- Code – the unique code identifying the security question.
- Name – the name of the security question.
- Prompt – the label used for the security question when prompted to the final user.
-
Click Add to launch the Security Question creation page.
-
Enter the main information for the Security Question:
- Name – should be unique for ease of administration.
- Code – a value is automatically generated but it can be changed. The code must be unique, a minimum of three characters, and a maximum of 10 characters. It cannot be changed once the security question is created.
- Prompt – content is free-format.
-
In the Answers Creation Constraints section, define the constraints enforced when an answer is created:
Characters rangeConstraint Description No constraint
All characters allowed.
Only numeric
Only numbers allowed, no punctuation, no characters, and no spaces.
Only alphabetic
Only letters allowed, no punctuation, no numbers, and no spaces.
Numeric OR alphabetic
Combination of letters and numbers allowed, no punctuation, and no spaces.
Numeric AND alphabetic
Must have a combination of letters and numbers, no punctuation, and no spaces.
LengthConstraint Description Min length
Minimum number of characters for the answer.
Max length
Maximum number of characters for the answer.
Additional ConstraintsConstraint Description Forbidden values
For answer must not contain the user's username or be a user attribute. Answers are compared against the user attribute values specified for that user.
Note: User attribute values, such as surname and date of birth, are specified in relation to attribute types assigned to the user type to which a user belongs.Date format
Specify the format of dates provided as or as part of answers.
-
In the Answers Verification Constraints section, select the Case-sensitive verification option if case-sensitivity should be enforced when an answer is verified.
-
Click Save.
All existing security questions are listed in a paged table. The total number of questions is given in the lower left corner.
Each row corresponds to a Security Question. It provides the following information in the different columns:
Edit a Security Question
- Log on to the ActivID Management Console as an ActivID Administrator.
-
Select the Configuration tab and, under Policies, select Authentication and then Security Questions.
-
Click the Code of the Security Question that you want to edit.
-
Edit the security question settings as required and click Save to apply your changes.
All the tabs are accessible and all settings can be modified except the Code.
If you want to cancel the operation, click Back to List.
Copy a Security Question
- Log on to the ActivID Management Console as an ActivID Administrator.
-
Select the Configuration tab and, under Policies, select Authentication and then Security Questions.
-
To copy one or more Security Questions, select the check boxes to the left of the names and click Copy.
- Code
- Name – ‘Copy of’ is appended to the original name.
-
Click the Code of the Security Question that you just copied and edit the settings.
-
Click Save to apply your changes.
One copy for each selected security question is created with the same parameter values except the: