Set Up Good Security Questions for Password Reminders and Don’t Get Locked Out!
If you are a Nexternal user (and if you read this blog!) you probably already know that Nexternal takes multiple steps to secure your Order Management System (OMS) and all the data in it. For example, we impose strong password requirements to ensure that passwords aren’t easily guessed by others, and all administrators must change their password every 90 days. If an administrator doesn’t log in for 90 days, that user record is deactivated until another administrator reactivates it. And if any user attempts to log in too many times with the wrong email and password combination, the system will block additional attempts, even with the correct password, for a period of time (to preclude bots from making multiple attempts at entry).
While Nexternal is lauded for all of this security, these measures can present a challenge if a legitimate user of the OMS simply forgets their password and needs a reminder to log in. For this purpose, Nexternal offers an OMS user password reminder function, which we strongly encourage all Nexternal merchants to set up in their OMS. It’s quick to set up, easy to use, and will save merchants and their users headaches in the event that passwords are forgotten.
Generally speaking, a Merchant is allowed to set up a few questions that Users can choose as their security Q&A – similar to how a bank or other financial institution manages password security. If a user forgets their password, they must answer the requisite number of security questions properly, and a temporary password will be sent to them via email. Once they log in with the temporary password, they will be prompted to change the password to something permanent. Here’s a quick video tutorial on how to set this up in your Nexternal OMS.
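As an added illustration of the reset flow described above (example code written for this article's readers, not Nexternal's own implementation), here is one way such a check can be built so that stored answers are never kept in readable form. The function names, the user record layout and the threshold of two correct answers are assumptions.

```python
import hashlib
import hmac
import os
import secrets
import unicodedata

REQUIRED_CORRECT = 2   # assumed value; the post only says "the requisite number"
ITERATIONS = 100_000   # PBKDF2 work factor, slows offline guessing of short answers


def normalize(answer: str) -> bytes:
    # Fold case and collapse whitespace so "Main  Street " matches "main street".
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")


def hash_secret(value: bytes, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", value, salt, ITERATIONS)


def enroll(answers: dict) -> dict:
    # Store a salted hash per question, never the answer text itself.
    record = {}
    for question, answer in answers.items():
        if not normalize(answer):
            raise ValueError("empty answer for: " + question)
        salt = os.urandom(16)
        record[question] = (salt, hash_secret(normalize(answer), salt))
    return record


def verify_answers(record: dict, supplied: dict) -> bool:
    # Check every enrolled question so timing does not reveal which one failed.
    correct = 0
    for question, (salt, stored) in record.items():
        candidate = hash_secret(normalize(supplied.get(question, "")), salt)
        correct += hmac.compare_digest(candidate, stored)
    return correct >= REQUIRED_CORRECT


def start_reset(user: dict, supplied: dict):
    # Returns the temporary password to e-mail, or None if too few answers match.
    if not verify_answers(user["answers"], supplied):
        return None
    temp = secrets.token_urlsafe(12)
    salt = os.urandom(16)
    user["password"] = (salt, hash_secret(temp.encode("utf-8"), salt))
    user["must_change_password"] = True   # next login must set a permanent password
    return temp
```

Normalizing before hashing is what lets a user type an answer with different capitalization or spacing and still pass, without the system having to keep the original answer.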
But what makes a good security question?
When setting up questions for this user password reminder functionality, merchants should choose questions that apply to almost everyone and for which each user will have a unique and easy-to-remember answer. Questions are best if the answers are finite and don’t change over time (for instance, a user’s favorite color could be green today and red next year, but the name of the person they first kissed never changes). Questions should not ask for information that is commonly found on social media or other sites, or information that is easily researched.
For your convenience, here is a list of questions that generally meet these parameters and typically work well for this purpose. We recommend providing a selection of several questions from which your users can choose, to be sure that every user can answer at least one or two of them…
What was your High School mascot?
What street did you live on when you were 10 years old?
What was the make of your second car?
What was the model of your first car?
What was your first pet’s name?
What is the name of your elementary school?
What is the last name of the first person you kissed?
In what town did you meet your spouse/partner?
What is the first name of your best friend in High School?
What was your childhood nickname?
In what city or town did your parents meet?
In what town did you celebrate New Year’s Eve in 2014?
Which web browser do you use most often?
What is your maternal grandmother’s maiden name?
In what town were you when you first heard about 9/11?