You will need to use your security questions and answers to complete the self-service password reset process or when contacting your Local Administrator for support with activities such as account lock out. You can update your security questions at any time through the Portal. You should do this if the answers to the questions change, you think someone may know the answers to your questions or if you are having trouble remembering the answers to your current questions.
As a Local Administrator, you will have the ability to remove a user’s current security questions and answers via their User Details page. This may be required if a user has forgotten their current security questions and answers, and would like for these to be reset.
Local Administrator Process
This process should be followed if:
- A user cannot remember their security questions and answers
- A user has been unsuccessful in authenticating their account via the Self-Service Flow
To trigger this process, a user should first contact their Local Administrator.
Important Note: It is the Local Administrator’s job to accurately confirm this user’s identity, following their organisation’s policies. Once the user’s identity has been confirmed, the below process can take place.
Local Administrator’s Step:
1. On accessing the user’s profile via User Management, click the Remove Security Questions and Answers button
Warning:
If the Remove Security Questions and Answers button is disabled, this can be explained by one of the following reasons:
- The user has not accepted AUP on their account. This must be done before a user can reset their security questions and answers.
- The user’s account is not in an active-based status (e.g. Deleted, Disabled, Locked etc.)
- The Remove Security Questions and Answers button has already been triggered. The button will remain disabled until the user has logged in and reset their security questions and answer.
Note: If the user has not yet accepted the AUP, please direct them to the following guidance: https://support.nhs.net/knowledge-base/acceptable-use-policy/#accepting-the-acceptable-use-policy
Additional Information:
Triggering the Remove Security Questions and Answers button removes the user’s current security questions and answers. On next login, the user will be prompted to input new question and answers.
User’s Steps:
2. As a user, login to your account
3. You will be prompted to input your new questions and answers. Enter these into the appropriate fields.
Please follow the security questions and answers criteria outlined below:
- Each of the questions and answers must be different (Note: questions cannot be the same as answers)
- They must be at least 6 characters long
- They must not be repeating letters/numbers or sequential letter/numbers i.e. aaaa/1111 or abcd/1234
- Answers must not contain special characters
- Character length should not be more than 100 characters
- A space will count as a character
- Answers must not be repeated with differing upper cases and lower cases of characters i.e. having two answers the same but one has a capitalised character at the start and one without
- Answers must not be repeated with differing spaces in between them
4. Click Save at the bottom of the page.
5. A pop-up will appear notifying you that you will be logged off. Click Ok.
| Last Reviewed Date | 09/12/2022 |
