Using security questions for password recovery

Without security questions activated, myhrtoolkit users will be asked for their date of birth to validate their login credentials. Security questions give more choices by allowing users to choose from a variety of questions and specify answers that they are not likely to forget. Security questions are used when users try to recover forgotten passwords.

In this document, we cover how a Controller can enable security questions for their organisation and how users can use it.

Choosing security questions and answers (Users)

Once enhanced security is activated, all users will be asked (the next time they login) to click on a link to setup security questions.

Security questions on myhrtoolkit

It is mandatory to answer at least ONE question. Answering two or three questions is recommended.

HR system security questions

Editing my security questions and answers (Users)

Users who can login into the system can amend their security questions by clicking on the Account at the top-right of the screen followed by the Security questions item.

Enabling security questions (Controllers)

A Controller can enable security questions in Config > Security Centre.

Security questions settings


If the option is disabled as above, click “Disable” to enable security questions.

Resetting forgotten security answers (Controllers)

Users who can not login because they have forgotten answers to their security question can ask their controllers to reset security questions for them. After a reset by the controller, users can setup security questions afresh.

Controllers can reset security questions in Config > Security Centre.

enhanced-security-06


The option to reset security questions is available only if security questions are enabled in your organisation. Click on the Actions button against the user’s name and reset their questions.

If a User forgets both password and security questions (Users and Controllers)

Users who can not login because they have forgotten both their password and the answer to their security question can ask their controllers to perform a reset for them.

Controllers should navigate to Setup & admin > Security Centre

From there, find the correct user and click on the Actions button.

  • First click the Reset Password item.
  • Then click Actions again and select the Reset Security Question item.

Note – These have to be activated at the same time and in that order.

The user will then be able to specify new login and security details after following the time-limited reset link which will be emailed to them.

If a Controller locks themselves out (Controllers)

Even controllers are human! If a Controller finds they can not login because they have forgotten both their password and/or the answer to their security question, they can ask another of the controllers in their organisation to perform a reset for them (see above for details). An email with time-limited reset link will be emailed to them as with any user-lockout.

However, if no other controllers are available, or there is only controller registered on the HR system, this is a more complicated procedure and will require additional support from the myhrtoolkit support team.

Please visit the myhrtoolkit support page for contact options.