0 votes

We currently use a paper form for security questions which helps us to reset passwords of remote users. However the paper list has become large so we are looking for a way to sort of re-enroll users with new security questions. We want to force users to supply the security questions and have a way to monitor who has enrolled.

However we dont want users to reset their passwords per say. We want to collect the secret questions and have a copy of all of them that we could put into a sql database or encrypt and add them to the HR database.

Seeing as with Adaxes password self service reset we can see who has enrolled I was wondering if we could use this but just disallow the right to actually change the password.

On the surface however I cant see a way to actually find the secret questions that users have submitted.

Is this possible with Adaxes?

by (350 points)

1 Answer

0 votes
by (215k points)
selected by
Best answer

Hello,

Security questions of users are stored in plain-text form, so you can get them any time. However, security answers are not stored. Adaxes stores and compares only hashes of the answers. The only time when you can get an answer in plain text form is when a user enrolls for Password Self-Service, before they are saved by Adaxes. So, do you want to store answers in addition to questions? Could you describe the way how you want to use Adaxes in more detail? Can you describe how you view the process overall from the user perspective?

As for disabling the option to perform self-password reset, yes, that's possible. You can disallow users to reset passwords for themselves so that they can enroll only.

Related questions

0 votes
1 answer

We are trialing Adaxes and are wondering the following two things are possible. Is it's possible to have the order of Authentication methods adjusted ? Is it possible to import an ... 't look to exist, but would it be viable to add them as feature requests ?

asked Jul 6, 2020 by dgrandja (70 points)
0 votes
1 answer

is it possible to allow a user to enroll for both options, or even only one option out of the two available? I would like to give my users the choice to use either. Some users may not want an authenticator, but other's might do.

asked Nov 6, 2019 by mashworth (60 points)
0 votes
1 answer

Is there a way to allow users to either answer the self-service reset questions OR get an SMS/Email verification? I can see how to set a policy for either one, but is there any way to enable an end user to choose which to use?

asked Apr 4, 2016 by johnsonua (390 points)
0 votes
1 answer

Hello Support, Are the self service questions and answers stored securely? Are they stored in the Adaxes database or in Active Directory? Thank you!

asked Nov 17, 2014 by strikk (360 points)
0 votes
1 answer

Is there anyway we can get an Adaxes administrator to be able to access the security the questions and answers from the “Password Self-Service Policies” portal for our users?

asked Feb 17 by JoeG (40 points)
2,801 questions
2,535 answers
6,605 comments
61,659 users