Security question answers

Participant III
Posts: 8
Registered: ‎05-17-2017
#1 of 2 1,023

Security question answers

Hi all,

We are trying to find a way to confirm someone's identity when they call our IT desk to reset their password without pulling up PII. To do that, we were hoping to be able to access a person's security questions/answers instead via Centrify Reports. I already tried to pull that information from a custom scripted report and the closest I could get was whether they had set the questions up or not (boolean) or the number of characters their answers were. Is there any way I can look up an individual's security questions and their answers as a Centrify Admin, even not in Reports? If so, we were also hoping to make it mandatory to set up their security questions/answers the next time they logged into their User Portal.

Are either of these actions possible with Centrify's current capabilities? I would appreciate any guidance.

Thank you!

Centrify
Posts: 4
Registered: ‎02-26-2018
#2 of 2 989

Re: Security question answers

Hello chegihea,

With Centrify, our number one goal is protection of user identity. The purpose of security questions and answers is to protect, through verification, someone's identity. As such, Centrify encrypts the answers on the back end for every user's security questions. Allowing anyone to be able to simply view them in plain text would be a huge security hole.

I think for your use case, it would be much better to enable self-service reset and enforce other types of MFA:

https://community.centrify.com/t5/Centrify-Application-Services/How-To-Self-Service-Password-Reset-W...

This will save you huge amounts of time with password reset calls to your helpdesk, and protect everyone from viewing PII. This will allow the user to commit their own account unlock/reset and force them to meet MFA in order to do it to verify identity. Just make sure that you have multiple MFA options available to users. Mobile factors work great, such as SMS and OAUTH.

Hope this answers your question. Feel free to chime back with any other questions.

JC