The next time you forget your password, MOVEit Transfer challenges you to verify your identity with answers to these security questions. You must pre-define answers to these security questions (challenge-phrase and response-phrase pairs) in your account before you can use them.

When choosing a challenge-phrase and response-phrase pair, follow the guidelines listed in the following table.

Guideline

Description

Ease of recall.

Select a question with an answer that is easy for you to remember.

Not found in the public domain.

Don't select questions that are answered on social media or mass media, high school yearbooks, and so on.

Private.

An answer should be specific and only known to you.

Hard to Predict.

Don't use words related to your locale, region, or other sorts of generalized information that can be inferred by your IP address or other client session attributes.

Remember these tips:

  • Don't choose answers to your security questions that can be guessed based on your location.
  • Your institution's public IP Address can reveal your location, country, and metropolitan area region.
  • IP addresses can be easily looked up to find your institution's DNS name (which can include a company name or institution type), and so on. Be aware that public information like this can provide hints that help hackers guess a weak response phrase.
  • Bad examples of challenge or response phrases include landmarks, sports teams, or foods (such as desserts from a specific region) where your client's IP address can be lookedup (let's say to the Greater Chicago Area) and specific sites imply information related to every-day life, culture, and landmarks unique to that region.