One of the key components of a web application and of an Identity and Access Manager system is the implementation of challenge questions, also known as security questions.
Challenge questions reduce support costs by allowing users to retrieve their password rather than contacting support.
Challenge questions are used to improve the security of the identity system, and their purpose is to enable you to retrieve your password. As you probably know, a lost, forgotten or changed password is a recurrent action for business users. Challenge questions are also used by the help desk or support team to confirm your identity when you call for a profile or password change.
Some scenarios in which challenge questions are used are:
o Using Challenge Questions for Credential Recovery
o Using Challenge Questions for Routine Authentication
o Password retrieval/reset
– If you forget your password, the website will ask a question and if answered correctly, you’ll get or reset the password.
o Sign-in verification
– Some websites occasionally display a security question during sign-in as a second level of verification.
Remember, it is critical that you keep your challenge questions up to date to avoid any security hole in your identity and access manager system.