With tools like SSRPM (Self Service Reset Password Manager) it is possible to delegate password resets to the users themselves. If a user is locked out after entering a wrong password, they simply click the “I forgot my password” button on the login screen and, after answering a few security questions, can reset their own password.
The advantages are clear:
- a reduction in calls to the helpdesk
- reduced support costs
- Improved security (how does your helpdesk identify the caller today?)
But which security questions are the right ones? How do you build a list of questions that are highly secure and hard to guess, yet easy to remember?
The site goodsecurityquestions.com (in English) offers tips and ideas for creating such security questions.
Some important criteria for defining security questions:
- The answer is hard to guess or to find (through internet research or other means, such as social engineering)
- The answer does not change over time
- The answer is easy to remember
- The answer is simple and unambiguous, in a single straightforward format
The most relevant questions are often those about the end user’s past whose answer does not change over time (so no: what is your favourite colour?). Avoid questions whose answer could be written in different formats (times, dates …), questions whose answer may be known to colleagues (your dog’s name …) and questions whose answer can be found on social networks (Facebook, etc.). Some examples:
- What is the name of your first boss?
- What was your first pet?
- What is the name of the eldest of your nieces?
Click here for more information about self-service password reset or about good practices for choosing security questions.