Set Up Good Security Questions for Password Reminders and Don’t Get Locked Out!

Wednesday, November 23rd, 2016
0 Flares Filament.io 0 Flares ×

If you are a Nexternal user (and if you read this blog!) you probably already know that Nexternal takes multiple steps to secure your Order Management System (OMS) and all the data in it. For example, we impose strong password requirements to ensure that passwords aren’t easily guessed by others, and all administrators must change their password every 90 days.  If an administrator doesn’t log in for 90 days, that user record is de-activated until another administrator re-activates it.  And if any user attempts to log in too many times with the wrong email and password combination, the system will block additional attempts, even with the correct password, for a pSure theriod of time (to preclude bots from multiple attempts at entry.)

While Nexternal is lauded for all of this security, these measures can present a challenge if a legitimate user of the OMS simply forgets their password and needs a reminder to log in. For this purpose, Nexternal offers an OMS user password reminder function, which we strongly encourage all Nexternal merchants to set up in their OMS. It’s quick to set up, easy to use, and will save merchants and their users headaches in the event that passwords are forgotten.

Generally speaking, a Merchant is allowed to set up a few questions that Users can choose as their security Q&A – similar to how a bank or other financial institution manages password security. If a user forgets their password, they must answer the requisite number of security questions properly, and a temporary password will be sent to them via email. Once they log in with the temporary password, they will be prompted to change the password to something permanent. Here’s a quick video tutorial on how to set this up in your Nexternal OMS.

But what makes a good security question?

When setting up questions for this user password reminder functionality, merchants should be mindful to set up questions that apply to almost everyone and for which each user will have a unique and easy-to-remember answer. Questions are best if the answers are finite and don’t change over time (for instance, a user’s favorite color could be green today, and red next year, but the name of the person you first kissed never changes.) Questions should not ask for information that is commonly found on social media or other sites, or information that is easily researched.

For your convenience, here is a list of questions that generally meet these parameters and typically work well for this purpose. We recommend providing a selection of several questions from which your users can choose, to be sure that every user can answer at least one or two of them…

What was your High School mascot?
What street did you live on when you were 10 years old?
What was the make of your second car?
What was the model of your first car?
What was your first pet’s name?
What is the name of your elementary school?
What is the last name of the first person you kissed?
In what town did you meet your spouse/partner?
What is the first name of your best friend in High School?
What was your childhood nickname?
In what city or town did your parents meet?
In what town did you celebrate New Year’s Eve in 2014?
Which web browser do you use most often?
What is your maternal grandmother’s maiden name?
In what town were you when you first heard about 9/11?

Need help with set up? Check out the short video included in this post, and don’t hesitate to contact your Nexternal account manager if you need additional assistance.

Pamela is a Senior Account Manager at Nexternal and works in the Napa Valley office. She is passionate about helping her clients succeed. With 20 years' experience in the wine industry spearheading business development and marketing for various wineries including her own, plus previous years practicing general business law, Pamela is well qualified to provide the service and guidance to her clients that sets Nexternal apart from other eCommerce providers.

Leave a Reply
will not be published