Security questions are similar to passwords. They rely on information that you know to verify who you are. Unlike a password, security questions rely on responses to common questions.

WSU Recommendation

WSU does not recommend using Security Questions.

The answers to Security Questions are easily harvested from social media and other places. WSU will likely discontinue support for Security Questions in the future. Security Questions cannot be used as MFA, or for resetting a forgotten password. Previously, Security Questions had to be configured for all accounts.

  • (tick) Does not require an app on a mobile device
  • (tick) Does not rely on specific browser capabilities to work
  • (error) Poor resistance to Phishing attacks
  • (error) Extremely vulnerable to low skill social media attacks.
  • (error) Does not rely on possession of a any registered device.

How to Get Security Questions

Security Questions are built into Okta and do not require any 3rd party software. These are configured during account onboarding.

How to Set Up

Follow these steps to set up your Security Question in Okta

  1. Login to your account at login.wsu.edu.
  2. Click your name in the upper right, then settings.
  3. In the Security Methods box, look for Security Question and click Set Up.
  4. Choose an existing question or create your own and follow the prompts on screen.

How to Use

Security Questions are only used in special cases such as password reset, and are not available as methods for MFA.

Further Reading

  • No labels