Security Questions Details
See the following sections for details about security questions:
Requirements for Answers to Security Questions
If any of these requirements is not met, you will receive an error when you attempt to save security answers.
-
You must answer all three questions.
-
Each answer must be unique.
-
Each answer must be at least three characters long.
-
You cannot use your email address or password as an answer.
Answers are not case-sensitive.
Exemptions from Setting Up Security Questions
If you log in to NetSuite with certain roles, or with certain types of access, you are exempted from the requirement to set up security questions. The following roles are exempted:
-
Customer Center
-
Web Store Shopper
Users with two-factor authentication (2FA) roles, or roles with IP address restrictions enabled are prompted to set up security questions. However, users with 2FA or IP address restricted roles are only asked to answer security questions if they forget their passwords.
The following types of access are exempted:
-
Web Services
-
SuiteScript
-
SuiteAnalytics Connect
-
OpenID Connect (OIDC) Single Sign-on
-
SAML Single Sign-on
When Security Questions are Asked
You will be prompted to answer a security question before you can log in to NetSuite in the following circumstances:
-
When you attempt to log in:
-
using a new browser
-
after the browser cache has been cleared
-
with the browser set to private mode (also called incognito browsing)
-
from a new or different computer
Note:This additional authentication requirement does not apply to you if you are using two-factor authentication roles, or roles with IP address or device ID restrictions enabled.
-
-
When you forget your NetSuite password, and must reset it.
-
If it has been more than 90 days since your last login.
If you answer the security question correctly, your login to NetSuite proceeds and an email is sent to the email address you used to log in, as notification of the successful authentication.
If you provide five consecutive wrong answers to the security question, you are locked out of NetSuite for a period of 30 minutes, and an email is sent to your email address and to your account administrator, as notification of the authentication failure.