Using a good challenge question is vital to securing your message. Here's some advice on what to use.
Consider your pre-existing knowledge of your clientQ – If you decided to leave the UK which city would you choose to emigrate to?
Do you know something about them that is not public knowledge? e.g.
A - Toronto
Think about using information from the last conversation you had with themQ - Which shop were you going to after our last meeting?
Did you talk about something you could reference? e.g.
A - Boots
- Consider the option of having a pre-agreed passphrase
This can be agreed on a per-client or per-communication basis, with the passphrase being conveyed during conversations with your client. Alternatively, a company-wide policy can be decided, creating a phrase to be used across all secure emails sent to clients. However, this is significantly less secure than the per client/communication options.
e.g. “During the course of your mortgage transaction, there may be times when we need to send information to you that is sensitive in nature. We will be using Mailock secure email to do this, where you will be required to verify your identity by providing the pre-agreed passphrase, which is *********”
Consider the circumstances that introduced the client to you and your firmQ - What is the surname of the lady who introduced my services to you?
Were they referred? Or did they find you through a network? e.g.
A - Middleton
Refer to any fact-finding documentationQ - What year did you take out your first mortgage (enter the 4 digit year)
As fact-finds have a wealth of personal data, you may be able to find information to use as a potential question. e.g.
A - 1991
Consider using a quote number/policy number/case number if using a generic inboxQ - Please provide the policy number for Mr A Smith DOB010101
Use a reference which can easily be looked up, but that isn't publicly known. e.g.
A - AB123456
Refer to readily accessible dataQ – What is the name of your dog?
Questions created based on information found on social media posts are not secure. If you can see it, so can everyone else. e.g.
Ask common-knowledge questionsQ – Who is the President of the USA
Questions should be personal to the recipient, not something which you would find in a pub quiz. e.g.
Ask a question that could potentially have multiple answersQ – Name one of your previous mortgage providers.
Ensuring your question has only a single, firm answer will ensure clients gain access every time. e.g.
Explain what format the answer needs to be inQ – What is the expiry date of your home insurance policy – please use **/**/**?
When there are multiple ways of entering an answer, such as when asking for a date, provide your client with the required input format. e.g.
There are no hard and fast rules on how you should write a Q&A. Just aim to make your questions as personal as you can to each client. The rest is up to you!
Your Mailock ‘Trusted Community’
Keep in mind, if your recipient registers for a free 'read and reply' Mailock account they are added to your 'trusted community' of verified users once they have met the authentication challenge. This means that you will no longer need to issue them identity challenges, although you can do so if you wish.
The easiest way for them to register is to click on the 'Reply' button after they have opened your secure message. Ask your recipient to reply back to you, even if it's just to confirm they've read your message.