Difference between revisions of "SecurityQuestionsResetForm"
Jump to navigation
Jump to search
(Created page with "'''What to do if a user needs to reset the password for their Skysuite Account but they are unable to answer the security questions held for the account''' If a user is unabl...") |
|||
| (6 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
| − | + | == What to do if a user needs to reset the password for their Skysuite Account but they are unable to answer the security questions held for the account == | |
If a user is unable to answer the security questions for their account, they can complete a reset form and send it to us. | If a user is unable to answer the security questions for their account, they can complete a reset form and send it to us. | ||
| Line 5: | Line 5: | ||
The completed form '''MUST''' come from the email address that is linked to the user's account, if it comes from a different email address, we will not act on the request - that may mean that the user needs to register for a new account, in which case so be it. | The completed form '''MUST''' come from the email address that is linked to the user's account, if it comes from a different email address, we will not act on the request - that may mean that the user needs to register for a new account, in which case so be it. | ||
| − | The user must send the completed form to us using: '''[email protected]'''; if ANYONE else is in distribution, be it a colleague, their line manager or the provisioning manager for their station (even if | + | The user must send the completed form to us using: '''[email protected]'''; if ANYONE else is in distribution, be it a colleague, their line manager or the provisioning manager for their station (even if that's a SkylogistiX employee) we will not act on the request - the user will need to start over and choose new/fresh security questions. The questions should be personal and private and thus only the end-user should be able to successfully answer the chosen security question. |
'''No one''' else should know what the security questions for an account are, only the owner of the account, hence why if the end-user has cc'd someone else on their email, we will reject the request. | '''No one''' else should know what the security questions for an account are, only the owner of the account, hence why if the end-user has cc'd someone else on their email, we will reject the request. | ||
| Line 11: | Line 11: | ||
If the account is suspected to be a group/shared account, e.g. used by everyone in a location then this is not something that we encourage - in that situation, we will ask each user to register for his/her own SkySuite account, thus the security questions should be personal and meaningful/relevant to the end user. | If the account is suspected to be a group/shared account, e.g. used by everyone in a location then this is not something that we encourage - in that situation, we will ask each user to register for his/her own SkySuite account, thus the security questions should be personal and meaningful/relevant to the end user. | ||
| − | If the security questions are impersonal then we may reject the request, for example "What colour is the notice board above Dave's desk?" or "Who was most drunk at the 2019 Christmas office party?", e.g. they could be answered by anyone in the office at that location, we will reject the request. Similarly, if the questions are | + | If the security questions are impersonal then we may reject the request, for example "What colour is the notice board above Dave's desk?" or "Who was most drunk at the 2019 Christmas office party?", e.g. they could be answered by anyone in the office at that location, we will reject the request. Similarly, if the questions are poorly chosen and easy to answer by ''ANYONE'', e.g. "What is the answer to 1 + 1?" or "What is the capital city of England?", we will reject the request. |
| − | + | === Examples of GOOD Security Questions === | |
| + | |||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | ! Example Question !! Example Answer || Why it's a GOOD Question Choice | ||
| + | |- | ||
| + | | What is my favorite football team? || Barcelona || Simple, one word answer and a question that should last with you for life. | ||
| + | |- | ||
| + | | Name of my first ever dog? || Rover || Specific question with a single word answer that won't change over time. | ||
| + | |- | ||
| + | | Surname of my first ever boyfriend/girlfriend? || Thomas || Specific question with a single word answer that won't change over time. | ||
| + | |- | ||
| + | | My father’s first name? || John || Specific question with a single word answer that won't change over time. | ||
| + | |} | ||
| + | |||
| + | |||
| + | === Examples of BAD Security Questions === | ||
| + | |||
| + | {| class="wikitable" | ||
| + | |- | ||
| + | ! Example Question !! Example Answer || Why it's a BAD Question Choice | ||
| + | |- | ||
| + | | What is my favorite color? || Blue || Can be easily guessed-at by others. | ||
| + | |- | ||
| + | | In what year was I born? || 1980|| Any one that knows you can probably guess your age fairly accurately (it won't take too many attempts to guess it correctly). | ||
| + | |- | ||
| + | | What is the name of my boyfriend/girlfriend? || Jamie || This may not be a good choice (depending on how frequently your love life changes!) :-) | ||
| + | |- | ||
| + | | My first holiday? || Abergavenny, Wales, Summer of 1994|| Question is not specific enough and answer is too long and uses punctuation which may not be repeated the same way. To clarify, specifying “Abergavenny, Wales, Summer - 1994” would result in SkyLog rejecting your answer as it needs to be an exact match. | ||
| + | |- | ||
| + | | My first pet? || Gerbil called “Petal” || See previous note | ||
| + | |- | ||
| + | | What is my surname? || Smith || It's TOO easy for ANYONE to answer | ||
| + | |- | ||
| + | | What is my password || London2012 || If you can’t remember your password in the first place then you won’t be able to answer your security questions (think about it!) | ||
| + | |- | ||
| + | | What is my credit card PIN? || 1234 || Such information shouldn’t be posted on-line, it should be something known only to you and should not be shared / divulged. | ||
| + | |- | ||
| + | | What is my social security number? || AB 00 11 22 C || Such information shouldn’t be posted on-line needlessly (unless it is required by a government agency or your employer for example). | ||
| + | |} | ||
| + | |||
| + | |||
| + | '''NOTES:''' | ||
| + | * There is no need to actually print, complete and scan/photograph the form; you can simply send an email to us with your chosen security questions and questions. Your choices don't need to be sent as an attachment or embedded file; your choices can be typed as regular text within the body of you message (email). | ||
| + | |||
| + | * If you should need to answer your chosen security questions at some point, you '''MUST''' enter your chosen answer exactly as it's specified - your security questions are '''CASE SENSITIVE'''. | ||
| + | |||
| + | * Every user must have TWO security questions & answer pairings; the user will be prompted to successfully answer BOTH chosen security questions in order to reset the password held for their portal account. | ||
| + | |||
| + | |||
| + | '''Remember''' | ||
| + | |||
| + | Like a bank, we will NEVER ask you to reveal, share the password for your SkySuite Web portal account - if anyone should ever ask you for this, it is very likely to be a fraudulent request from someone who is not trustworthy; you should never disclose, reveal your password nor the answers to your chosen security questions. This information should not be written down/printed nor should it be stored in files on your computer (nor any other electronic device for that matter). Furthermore, such sensitive information should not be shared with your colleagues nor your boss / line manager. | ||
| + | |||
| + | |||
| + | [[File:SecurityQuestionResetForm.JPG|Security Questions Reset Form]] | ||
Latest revision as of 18:19, 16 December 2021
What to do if a user needs to reset the password for their Skysuite Account but they are unable to answer the security questions held for the account
If a user is unable to answer the security questions for their account, they can complete a reset form and send it to us.
The completed form MUST come from the email address that is linked to the user's account, if it comes from a different email address, we will not act on the request - that may mean that the user needs to register for a new account, in which case so be it.
The user must send the completed form to us using: [email protected]; if ANYONE else is in distribution, be it a colleague, their line manager or the provisioning manager for their station (even if that's a SkylogistiX employee) we will not act on the request - the user will need to start over and choose new/fresh security questions. The questions should be personal and private and thus only the end-user should be able to successfully answer the chosen security question.
No one else should know what the security questions for an account are, only the owner of the account, hence why if the end-user has cc'd someone else on their email, we will reject the request.
If the account is suspected to be a group/shared account, e.g. used by everyone in a location then this is not something that we encourage - in that situation, we will ask each user to register for his/her own SkySuite account, thus the security questions should be personal and meaningful/relevant to the end user.
If the security questions are impersonal then we may reject the request, for example "What colour is the notice board above Dave's desk?" or "Who was most drunk at the 2019 Christmas office party?", e.g. they could be answered by anyone in the office at that location, we will reject the request. Similarly, if the questions are poorly chosen and easy to answer by ANYONE, e.g. "What is the answer to 1 + 1?" or "What is the capital city of England?", we will reject the request.
Examples of GOOD Security Questions
| Example Question | Example Answer | Why it's a GOOD Question Choice |
|---|---|---|
| What is my favorite football team? | Barcelona | Simple, one word answer and a question that should last with you for life. |
| Name of my first ever dog? | Rover | Specific question with a single word answer that won't change over time. |
| Surname of my first ever boyfriend/girlfriend? | Thomas | Specific question with a single word answer that won't change over time. |
| My father’s first name? | John | Specific question with a single word answer that won't change over time. |
Examples of BAD Security Questions
| Example Question | Example Answer | Why it's a BAD Question Choice |
|---|---|---|
| What is my favorite color? | Blue | Can be easily guessed-at by others. |
| In what year was I born? | 1980 | Any one that knows you can probably guess your age fairly accurately (it won't take too many attempts to guess it correctly). |
| What is the name of my boyfriend/girlfriend? | Jamie | This may not be a good choice (depending on how frequently your love life changes!) :-) |
| My first holiday? | Abergavenny, Wales, Summer of 1994 | Question is not specific enough and answer is too long and uses punctuation which may not be repeated the same way. To clarify, specifying “Abergavenny, Wales, Summer - 1994” would result in SkyLog rejecting your answer as it needs to be an exact match. |
| My first pet? | Gerbil called “Petal” | See previous note |
| What is my surname? | Smith | It's TOO easy for ANYONE to answer |
| What is my password | London2012 | If you can’t remember your password in the first place then you won’t be able to answer your security questions (think about it!) |
| What is my credit card PIN? | 1234 | Such information shouldn’t be posted on-line, it should be something known only to you and should not be shared / divulged. |
| What is my social security number? | AB 00 11 22 C | Such information shouldn’t be posted on-line needlessly (unless it is required by a government agency or your employer for example). |
NOTES:
- There is no need to actually print, complete and scan/photograph the form; you can simply send an email to us with your chosen security questions and questions. Your choices don't need to be sent as an attachment or embedded file; your choices can be typed as regular text within the body of you message (email).
- If you should need to answer your chosen security questions at some point, you MUST enter your chosen answer exactly as it's specified - your security questions are CASE SENSITIVE.
- Every user must have TWO security questions & answer pairings; the user will be prompted to successfully answer BOTH chosen security questions in order to reset the password held for their portal account.
Remember
Like a bank, we will NEVER ask you to reveal, share the password for your SkySuite Web portal account - if anyone should ever ask you for this, it is very likely to be a fraudulent request from someone who is not trustworthy; you should never disclose, reveal your password nor the answers to your chosen security questions. This information should not be written down/printed nor should it be stored in files on your computer (nor any other electronic device for that matter). Furthermore, such sensitive information should not be shared with your colleagues nor your boss / line manager.
