User Security Question to Update Password without Email Access

    • 31 posts
    February 19, 2018 3:49 PM EST

    Title: User Security Question to Update Password without Email Access

    Description: 

     

    The older a site gets the more your users may no longer have access to their original account email. If they forget their password, don't have the email, then they have no way to access their account. Most sites deal with this with a security question that then allows users to access the account. SMS verification via code and password reset would also be an acceptable option.

     

  • gs
    • 857 posts
    February 19, 2018 4:11 PM EST

    Good idea.  Let the User do as much as possible without requiring ADMIN assistance.  Plus, even if they contact ADMIN, with no security question available, there seems to be no other way to verify them.  Another FR was to include uploading a file upon signup (such as license, passport, etc.).  That could also be used by ADMIN, but again, it's better to let Users help themselves as much as possible.

     

    Some Plugins that may be of use until SE gets around to this FR:

    https://www.socialenginesolutions.com/social-engine/social-media-login-1-click-social-connect-plugin/

    https://www.socialenginesolutions.com/social-engine/email-verification-reminder-plugin/

    https://www.socialengineaddons.com/socialengine-otp-mobile-verification-secure-login-plugin

    https://www.socialengineaddons.com/socialengine-quick-single-step-signup-plugin

     

    • 31 posts
    February 19, 2018 4:22 PM EST

    I have almost a million users on my site. There is Zero way that "admin response" is an acceptable answer to fixing this. And yes - without security question there is no way to verify user is who they say they are. 

    Although those plugins do various signup things. None deal with existing users requiring additional access at least not that I can tell.  

    • Moderator
    • 6923 posts
    February 20, 2018 6:45 AM EST
    DreamCoder said:

    Title: User Security Question to Update Password without Email Access

    Description: 

     

    The older a site gets the more your users may no longer have access to their original account email. If they forget their password, don't have the email, then they have no way to access their account. Most sites deal with this with a security question that then allows users to access the account. SMS verification via code and password reset would also be an acceptable option.

     

    I like both options. Allowing admin to choose SMS or security question or both (as some users don't do the SMS due to getting spam called which happened to me when I did it on FB).

    • 629 posts
    June 28, 2018 3:48 AM EDT

    I like the security questions and answers the best. Not everyone has a mobile number. But everyone knows their own brain.