Many companies, LuxSci included, recommend or require that users have one or more “Security Questions” and corresponding answers associated with their accounts.  These questions are commonly used to:

• Verify a user’s identity if the user has forgotten his/her password, or
• Provide a second factor for logging into the service above and beyond the username and password

Because these questions are used to provide access to the service and identity verification, it is very important that questions and answers be well chosen.

Read the rest of this post »

LuxSci has long supported and recommended the use of security questions for users.  When a user has a security question and answer, LuxSci support can use this as an alternate method of verifying the user’s identity.  This is important when the user has forgotten his/her password or certain types of requests need to be verified.

While we have allowed users to provide a security question for many years, and have asked new account administrators to provide one at sign up for about the last year, use of a security question has never been mandatory.  Starting today, all account and domain administrators are required to have a security question.  Those who do not will be automatically prompted to choose one the next time that they login to the LuxSci WebMail user interface.

Users can choose a pre-defined question, or enter a question of their own.

We hope that this change improves the security of accounts and assists account administrators in recovering access quickly in cases where passwords are lost or where there is a dispute about account ownership.

If this change goes well, we will extend the security question requirement to all users.