<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-M74D8PB" height="0" width="0" style="display:none;visibility:hidden">
Loading
Skip to NavigationSkip to Main Content
0D54z00007NaM36CAFOkta Classic EngineMulti-Factor AuthenticationAnswered2024-10-29T09:00:45.000Z2022-01-11T16:47:41.000Z2022-01-12T15:13:43.000Z

v0d07 (v0d07) asked a question.

How does Okta store security questions and responses? Are they encrypted at rest?

I am looking to understand how Okta handles challenge questions and answers. I would like to know if they are encrypted at rest and, if so, what kind of encryption is used? Are there any configurable options with how these are stored?


  • Hello @v0d07 (v0d07)​ 

     

    If an app is redirecting the user to a security question form every time the user logs on and forces a security question, the security answer would need to be input but will never be stored. You can also set the landing page of the Security Question as the landing page for the SWA app but the security question would need to be filled in every time. This means that Okta doesn't store the answer to the security questions.

    I recommend you to read the following blog for more information about this: https://www.okta.com/blog/2021/03/security-questions/

     

    Regards,

    Expand Post
    • v0d07 (v0d07)

      Thank you for the response, Henry. I should have been more clear in my question. I'm referring to the MFA option of a security question for logging in to Okta itself, not for a SWA app. Meaning, instead of using Okta Verify, text message, phone call, etc, the user chose to use a security question as a second factor for logging in to their account. How are those questions and answers stored?

      Expand Post
This question is closed.
Loading
How does Okta store security questions and responses? Are they encrypted at rest?