Challenge Questions and Answers

Tags: Authentication Methods

Problem Definition

You have an installation of PortalGuard and would like to know more about the challenge question and answer enrollment, complexity, etc.


Disable Enrollment - Completely prevents users from enrolling in this type of authentication method.

Optional Enrollment - May remind unenrolled users to enroll during each login, but does not force them to.

  • Optional Enrollment Reminders - Three options for reminding unenrolled users:
    • 1. Always - Always prompt the user until they actually enroll
    • 2. Suppressible - Allows users to suppress the enrollment reminder by checking a box on the logon screen
    • 3. Never - Never prompts the user to enroll regardless of their enrollment status

Force Enrollment - Forces users to enroll in this type of self-service before allowing them to log in.

  • Maximum Enrollment Deferments - The maximum number of times users can defer/skip enrollment before being forced. Set to 0 to disable this functionality and force users to enroll during their next login.

Password Recovery Lockout Limit - For security purposes, the encrypted recovery data associated with the Recover Forgotten Password feature can be deleted after a number of consecutive failed attempts to use it. Set to 0 to disable this functionality.

Allow Offline Password Recovery - When enabled, users can recover their password even if offline. NOTE: PortalGuard Desktop software must be installed on the user's workstation.


Challenge Answer Minimum Length - The minimum number of characters required in challenge answers.

Challenge Answer Case Sensitivity - Controls whether answers must be entered exactly as originally provided during enrollment. When disabled, 'bugs bunny', 'Bugs Bunny' and 'BUGS BUnnY' are all equivalent.

Prevent Repeated Challenge Answers - When enabled, users cannot provide the same answer to multiple questions.

Prevent Answers From Containing Question Words - When enabled, users cannot provide an answer that appears as a word in the text of the question.

Allow Answers With A Single, Repeated Character - By default, PortalGuard does not allow challenge answers that are a single, repeated character (e.g. '11111'). When this setting is enabled, those kinds of answers are allowed.

Fully Normalize Challenge Answers - Controls whether answers must be entered exactly as originally provided during enrollment. When enabled, all non-alphanumeric characters (spaces, punctuation, symbols) are removed from answers and the remainder is converted to lowercase. For example:

  • '42 Elm St., Boston' is converted to '42elmstboston' before hashing & saving

NOTE: Users that have already set answers must re-enroll them after changing this setting. Use the PortalGuard HelpDesk Console or Batch Importer to do this administratively.

NOTE: This option is not compatible with Offline Recovery in the PortalGuard Desktop.
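
The answer rules above can be modelled in a few lines to show how they interact, and why answers must be re-enrolled after changing the normalization setting. This is an added example, not PortalGuard code: the function names, the sample enrollment, whole-word matching, applying the rules to the normalized answer, and PBKDF2 as the hash are all assumptions.

```python
import hashlib
import re

def normalize(answer, full_normalize=False, case_sensitive=False):
    """Canonical form of an answer, computed before hashing."""
    if full_normalize:
        # Rule from the page: strip non-alphanumerics, lowercase the rest.
        return "".join(ch for ch in answer if ch.isalnum()).lower()
    # Assumption: case-insensitive comparison is done by lowercasing.
    return answer if case_sensitive else answer.lower()

def check_answers(pairs, min_length=4, prevent_repeats=True,
                  prevent_question_words=True, allow_single_char=False,
                  **norm):
    """Return (question, reason) for every answer the policy rejects."""
    problems, seen = [], set()
    for question, answer in pairs:
        # Assumption: rules are applied to the canonical form, so padding an
        # answer with spaces or punctuation cannot satisfy the length rule.
        canon = normalize(answer, **norm)
        if len(canon) < min_length:
            problems.append((question, "too short"))
        if not allow_single_char and len(set(canon)) == 1:
            problems.append((question, "single repeated character"))
        words = set(re.findall(r"[a-z0-9]+", question.lower()))
        if prevent_question_words and canon.lower() in words:
            problems.append((question, "word from the question"))
        if prevent_repeats and canon in seen:
            problems.append((question, "repeats an earlier answer"))
        seen.add(canon)
    return problems

def stored_hash(answer, salt, **norm):
    # Stand-in for "hashing & saving"; PBKDF2-SHA256 is an assumption.
    data = normalize(answer, **norm).encode()
    return hashlib.pbkdf2_hmac("sha256", data, salt, 100_000)

# Constructed sample enrollment (question, answer).
ENROLLMENT = [
    ("What was the name of your first pet?", "pet"),
    ("What street did you grow up on?", "42 Elm St., Boston"),
    ("What is your favorite number?", "11111"),
    ("Where was your first home?", "42 elm st boston"),
]

if __name__ == "__main__":
    for question, reason in check_answers(ENROLLMENT, full_normalize=True):
        print(f"{reason}: {question}")
```

Because only the hash of the normalized answer is kept, an answer enrolled under one setting produces a different stored value under the other, which is why existing answers cannot be converted in place.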


Optional Questions - Users of this policy may choose which optional questions to answer. Optional questions are more user friendly - they allow for the possibility of forgotten challenge answers. Up to 15 questions can be defined.

Optional Question Shares - The number of optional questions users must answer when enrolling. Larger differences between shares and threshold are more user-friendly, but less secure.

Page last modified on March 11, 2016, at 01:49 PM