" secret question Archives - LuxSci FYI Blog: Learn about HIPAA email encryption, secure email encryption, and more

Posts Tagged ‘secret question’

Social Engineering from Both Sides: Thinking + Caution = Safety

Thursday, May 3rd, 2012

Thank you, now I know your social security number!

Social Engineering” happens when you are manipulated into revealing sensitive or private information to someone who should not have it.  The person performing the manipulation seeks information that can be used for fraud, identity theft, computer access, and other nefarious actions.

Recently, I have run across a few situations that were not actually social engineering attacks, but could easily have been.  They serve to illustrate the danger.

Read the rest of this post »

Best Practices for Password Reminders and Security Questions

Thursday, May 5th, 2011

Many companies, LuxSci included, recommend or require that users have one or more “Security Questions” and corresponding answers associated with their accounts.  These questions are commonly used to:

  • Verify a user’s identity if the user has forgotten his/her password, or
  • Provide a second factor for logging into the service above and beyond the username and password

Because these questions are used to provide access to the service and identity verification, it is very important that questions and answers be well chosen.

Read the rest of this post »

Security Questions now Required for Administrators

Monday, June 8th, 2009

LuxSci has long supported and recommended the use of security questions for users.  When a user has a security question and answer, LuxSci support can use this as an alternate method of verifying the user’s identity.  This is important when the user has forgotten his/her password or certain types of requests need to be verified.

While we have allowed users to provide a security question for many years, and have asked new account administrators to provide one at sign up for about the last year, use of a security question has never been mandatory.  Starting today, all account and domain administrators are required to have a security question.  Those who do not will be automatically prompted to choose one the next time that they login to the LuxSci WebMail user interface.

Users can choose a pre-defined question, or enter a question of their own.

We hope that this change improves the security of accounts and assists account administrators in recovering access quickly in cases where passwords are lost or where there is a dispute about account ownership.

If this change goes well, we will extend the security question requirement to all users.