Security Questions, also called Q&A or Passphrases have become a familiar method for users to verify their identity without requiring the memorization of a password.  Within the Authasas Advanced Authenticaiton framework, Security Questions provide a primary authentication method, or commonly find use as a backup authentication method when a hardware authentication device malfunctions or is otherwise unavailable.

Questions are pre-configured by IT administrator to meet corporate and cultural requirements, as is the number of questions required for successful authentication.

Commonly, users enroll enroll a number of security questions greater than the number of security questions required for authentication.  This approach provides a level of flexibility without compromising security.  For example, a user may enroll 5 security questions, but be required to correctly respond to 3 questions during logon.  The user is very likely to answer 3 of the 5 questions correctly, thus avoiding a call to the helpdesk, while still securely validating the user's identity.