How does a user run the reset process? There are a number of possible solutions to this. 1) The user can use another member of staff's PC to run the executable. 2) The user can log in to the domain with a generic user account with no network privileges. The executable can run in a login script which automatically logs out after a pre-defined period of time.
What happens if a user loses their security card? The user can run through the registration process again and assign themselves a new security card serial number. The lost card is useless as there is no reference to the user or any answers to their security questions.
Do the security cards need to be in a secure location? No – A card is inactive until a user registers it during the registration process. The cards could be kept in a central location, e.g. reception.
How many codes are on each card? There are three codes on each card. This allows the user to reset their password three times. On the last reset they are reminded to pick up and register a new card.
Can I change the number of questions the user needs to answer? No – The system is configured to request three questions, although there are over 20 possible questions the user can choose from. The administrator can also add and remove questions from the admin console.
Can I run the system without security cards? No – The system is configured to be as secure as possible by providing two-factor authentication.
What happens if a user fails to answer the security questions or enter a valid security code? This would constitute an attempted breach of security and would lock the user's SSR account after three attempts. They will then be prompted to call the IT helpdesk. The IT helpdesk will receive an email on the third attempt to make them aware of the potential breach.
Can the system administrators view my security answers? No - Only a hash of the answer is kept in the database, not clear text. It is not possible for anyone, including the administrator, to obtain the security answers.
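
The checks described in the answers above (hashed security answers, three one-time card codes, lockout after three failed attempts), sketched as an added example; this is not the product's own code. The scrypt hashing, the answer normalisation and the names Account and attempt_reset are assumptions, and the sample values are constructed.

```python
import hashlib, hmac, os

MAX_FAILURES = 3      # page: account locks after three failed attempts
CODES_PER_CARD = 3    # page: three codes on each card

def hash_secret(value: str, salt: bytes) -> bytes:
    # Assumption: salted scrypt; the page only says that a hash is stored.
    norm = " ".join(value.lower().split())   # tolerate case/spacing differences
    return hashlib.scrypt(norm.encode(), salt=salt, n=2**14, r=8, p=1)

class Account:  # hypothetical name, for illustration only
    def __init__(self, answers, card_codes):
        assert len(card_codes) == CODES_PER_CARD
        self.salt = os.urandom(16)
        # Only digests are kept; clear-text answers and codes are discarded.
        self.answers = [hash_secret(a, self.salt) for a in answers]
        self.codes = [hash_secret(c, self.salt) for c in card_codes]
        self.failures = 0
        self.locked = False

    def attempt_reset(self, answers, code) -> str:
        if self.locked:
            return "locked"
        ok = len(answers) == len(self.answers)
        # Check every answer (no early exit) with a constant-time compare.
        for given, stored in zip(answers, self.answers):
            ok &= hmac.compare_digest(hash_secret(given, self.salt), stored)
        digest = hash_secret(code, self.salt)
        match = [c for c in self.codes if hmac.compare_digest(c, digest)]
        if ok and match:
            self.codes.remove(match[0])      # each card code works once
            self.failures = 0
            # After the last code the user is told to register a new card.
            return "reset-last-code" if not self.codes else "reset"
        self.failures += 1
        if self.failures >= MAX_FAILURES:
            self.locked = True               # page: helpdesk is emailed here
            return "locked"
        return "denied"
```
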