Requests | Blesta

Requests

Security Questions

Jon Morby shared this idea 1 day ago
Under Consideration

In the event a customer account is compromised and / or we end up speaking to them on the phone, we need a way of confirming the caller is indeed the account holder.

To this end, having security question/answers which the operator can use to verify the caller would be very handy.

There should be a status flag next to each answer showing the date/time it was last changed

There should be the option for the admin to use pre-defined questions (a drop down of say 10 which the client can choose one of and submit their answer) which we can then repeat x times (3 seems like a useful default here)

Also an option for a customer to add their own question / answer would be nice

And finally, for those who don't want predefined questions/answers box, a mechanism whereby the operator can ask for characters from a pre-defined "telephone" password (without seeing the whole password) and the client confirms the "first and fifth" (or whatever) letter from their password/phrase.