- Managing Your Questions
Use these steps to access the settings referenced in the following procedures:
You can create many different questions and designate a language for each question. You can also provide multiple translations of a single question. The plug-in software presents the user with the questionnaire in the language that corresponds to the language settings of the user's profile. If the language is not available, Single Sign-on displays the questions in the default language.
In most instances, users see security questions displayed in the language associated with their current user profile. If the language is not available, Single Sign-on displays the questions in the default language that you specify.
You can create a number of security questions that your users answer to confirm their identities. Each question you add to the questionnaire must be answered by your users. However, you can also group these questions together in a security question group.
For example, putting your questions in a group enables you to add a group of six questions to your questionnaire, and allows your users to choose from that group of questions, answering, for example, three of the six. This gives your users flexibility in selecting questions and providing answers to be used for identity verification.
You must select one or two of the questions your users answer to encrypt the data for key recovery. Your users need to provide answers for all of the questions they originally answered when enrolling, but the questions you select are used to provide data to include as part of the encryption and key recovery process.
Security answer masking is available with Password Manager Versions 4.6 and 4.6 with Service Pack 1 and Single Sign-on 4.8 and 5.0.
Security answer masking provides an added level of security for your users when they register their security question answers or provide their answers during identity verification. When this feature is enabled, the answers of users running Password Manager 4.6, Password Manager 4.6 with Service Pack 1, Single Sign-on 4.8 or Single Sign-on 5.0 are hidden. During the answer registration process, these users will be asked to type their answers twice to avoid typing and spelling errors. Users will need to type their answers only once during identity validation because they are prompted to retry if there is an error.
Backward compatibility mode enables the plug-in software to continue prompting users with identity verification questions you used for Password Manager Versions 4.0 and 4.1. Backward compatibility mode also allows you to continue using the default question, "What is your identity verification phrase?" If you are upgrading from Version 4.1, the identity verification questions and the questions you used for self-service password reset appear as a questionnaire in the Manage Questions dialog box.
If you are using automatic key management, do not enable backward compatibility. Automatic key recovery does not require users to answer identity verification questions.
For Versions 4.0 and 4.1 backward compatibility, the questionnaire must include at least one security question associated with the Account Self-Service password reset feature.