Security questions

The purpose of security questions is to enhance account security and/or to track an account's bookings in more detail. A user who does not provide the correct answers to all the questions cannot make a booking against that account.

If security questions are set for an account, users have three chances to correctly respond to all the questions before being locked out of the account - this generates an automatic notification to the administrator who needs to unlock the locked ID.

Administrators can set up to 10 security questions per account - the setup is done on an individual account basis. The questions are saved in a numbered sequence which determines the order in which the user has to answer the questions. New questions are appended to an existing sequence. The administrator can modify/delete questions and re-order the question sequence at any time.

From an individual user's point of view, answering more than two security questions is a frustrating handicap to making bookings quickly. It is recommended that you closely restrict the number of questions per account.

Hints on creating questions

•	The "question" should be a clear and simple instruction.

It should either allow the logged-in user to type free text, such as: "Type your manager's name", or require specific pre-defined data such as "Type the extension number for the SameDay Helpdesk".

•	To elicit a free text response, leave the Answer field blank.

The system validates the user's input only so far as to ensure that the field has not been left blank. If the user does not type anything and clicks Next, the system interprets it as a wrong answer.

•	To elicit a response that is an exact match, enter the required response in the Answer field.

The user's response is validated although the system does not distinguish between "ABC" and "aBc" - security answers are not case-sensitive.