
Security questions for each contact

3 years ago
Under Consideration

Currently, there is only 1 security question, which is for the primary user, and which then has to also be used by all contacts.

This presents multiple issues.


As is the case for many clients, they have several sub-accounts, with different permissions, so different people can log in and submit tickets, or receive emails etc.

So let's say someone calls up and is asked the security question "what is your mother's maiden name".

He gives his answer, but it is wrong, because it is not his mother's maiden name, it is the mother of the person who set the question/answer, and he doesn't know who did it and of course doesn't know the maiden name of all his staff's mothers, and the person who set up the account is not in the office. So he is now stuck and cannot get support.

In addition, this security question is thus in itself a security issue, because in order for it to work it requires sharing that information with other people in your company so they can contact providers and answer the security question. So since most websites use the same common personal questions, you are sharing sensitive information with others. Now anyone in your company who knows this information could use it to contact any service provider, website etc. that you use, which has nothing to do with the company, and bypass the security checks if you have used the same security question, which is highly likely. This could easily result in identity theft.

I have attempted to get round the overall issue by adding a generic "secret pass phrase" question that is not personal, and which can be shared. But this again presents an issue as this is more likely to be forgotten due to the fact it is not personal.

A better solution would be for each contact on the account to have their own security question, so that it remains personal to them, and so they do not have to share those details.
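
A sketch of the per-contact model proposed above, added here as an illustration and not taken from the product's code: each contact stores their own question and a salted hash of their answer, so support staff verify the caller against that contact's record and nothing has to be shared between colleagues. The class names, the PBKDF2 work factor and the sample answers are all assumptions made for the example.

```python
import hashlib, hmac, os, unicodedata
from dataclasses import dataclass, field

PBKDF2_ROUNDS = 200_000  # assumed work factor for this sketch

def _normalise(answer: str) -> bytes:
    # Case, spacing and Unicode form should not decide a phone verification.
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split()).encode()

def _digest(answer: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", _normalise(answer), salt, PBKDF2_ROUNDS)

@dataclass
class Contact:  # hypothetical record for one sub-account
    name: str
    question: str = ""
    salt: bytes = b""
    answer_hash: bytes = b""

    def set_security_question(self, question: str, answer: str) -> None:
        # Only the salted hash is kept, so staff and colleagues never see the answer.
        self.question = question
        self.salt = os.urandom(16)
        self.answer_hash = _digest(answer, self.salt)

    def verify(self, answer: str) -> bool:
        if not self.answer_hash:
            return False  # no question set yet: fail closed
        return hmac.compare_digest(self.answer_hash, _digest(answer, self.salt))

@dataclass
class Account:  # hypothetical client account holding several contacts
    contacts: dict = field(default_factory=dict)

    def add_contact(self, contact: Contact) -> None:
        self.contacts[contact.name] = contact

    def verify_caller(self, contact_name: str, answer: str) -> bool:
        # The caller is checked against their own record, never the primary user's.
        contact = self.contacts.get(contact_name)
        return contact is not None and contact.verify(answer)

def demo() -> Account:
    # Constructed sample data: same question, a different answer per contact.
    account = Account()
    owner, staff = Contact("owner"), Contact("staff")
    owner.set_security_question("What is your mother's maiden name?", "Example-Owner")
    staff.set_security_question("What is your mother's maiden name?", "Example-Staff")
    account.add_contact(owner)
    account.add_contact(staff)
    return account
```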