We suggest that you don’t use anything which can be easily ‘socially engineered’ e.g. a piece of information about your recipient that might easily be discovered in a Facebook or LinkedIn profile such as a child’s or a pet’s name.
Business users might wish to consider the use of a suitable ‘customer id’ or agreed ‘password’ that is recorded against the client record in a CRM system.
The recipient of your secure email will be allowed five attempts to answer the challenge. After five failed attempts, the email will be set to ‘revoked’ and you will be notified of the revocation. If you wish to reinstate your message for the recipient, take a look at our knowledge base article ‘how do I reinstate a revoked message’.