Prompt to change security question when (and after) the email address is changed
We allow our clients to change their entire profile details, as it often arises that the primary contact for an organisation changes over time (surprisingly frequently).
Since the security question and answer are on a separate page from the rest of the profile details, these do not get changed and if/when that client then needs to reset the password, they are unable to do so because the security question and matching answer belongs to the prior person who occupied the primary account profile.
My request is to handle this better by some combination of the following:
1. Automatically removing the security question and answer if a significant enough portion of the contact info is changed, like email address first and last name.
2. Prompting the user to set a security question if one is not set
3. Immediately after making changes to the email address on file, indicate to the user that they may also wish to update their security question and answer.
An alternative to requiring this would be merging the details about the security question into the same form as the rest of the contact profile details.
Thanks for considering.