LuxSci has long supported and recommended the use of security questions for users. When a user has a security question and answer, LuxSci support can use this as an alternate method of verifying the user’s identity. This is important when the user has forgotten his/her password or certain types of requests need to be verified.
While we have allowed users to provide a security question for many years, and have asked new account administrators to provide one at sign up for about the last year, use of a security question has never been mandatory. Starting today, all account and domain administrators are required to have a security question. Those who do not will be automatically prompted to choose one the next time that they login to the LuxSci WebMail user interface.
Users can choose a pre-defined question, or enter a question of their own.
We hope that this change improves the security of accounts and assists account administrators in recovering access quickly in cases where passwords are lost or where there is a dispute about account ownership.
If this change goes well, we will extend the security question requirement to all users.