Forums » SEPHP Feature Requests

Add Security Account Recovery Questions

    • 31 posts
    May 4, 2020 6:57 PM EDT

    Most sites have the ability to set up security questions. Name of first pet, mother's middle name, etc.

    Then if a user's email changes, forgot password or phone number is not set up/accessible, they can still access the account.

    Can also be used for security when account is flagged for multiple logins.

    Normal part of secure websites. Would like to see it here.

    • Moderator
    • 5322 posts
    May 5, 2020 5:11 AM EDT

    We need this fleshed out a bit more. It's a good idea but we need more clarity. This is why we have posting guidelines.

    Do we provide a few default questions?

    Does admin set up all of the questions?

    How many questions? Is that under admin control too?

    Does it have to match case too or just the word itself?

    • 31 posts
    May 5, 2020 5:47 AM EDT

    Yes, most sites have 3-6 questions that can be used. They could be selected by SE for simplicity. I've included a list of security questions that could be selected from and SE picks some and codes it in. Perhaps in a future release you could let the admin or user write a security question, but that's just more buttons and coding really.

    Optional turn on of this feature.

    Match word is generally the practice.

    User gets 3 attempts to answer questions correctly before temporary lock down of ability to answer questions. This is already partly implemented in the new login ability so shouldn't be overly difficult. 

    Usually I see this happen 3 times and then the account is totally locked and requires admin validation or something.

    But again... I'd really just be happy if there were 6 questions that SE picked, 1-3 are randomly shown, the user answers correctly and then an ability to change the password appears.

    https://sites.google.com/site/pwordsecuritykate/home/list-of-ideas-security-questions

    https://cheatsheetseries.owasp.org/cheatsheets/Forgot_Password_Cheat_Sheet.html

    This post was edited by DreamCoder at May 5, 2020 5:49 AM EDT
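
One way the behaviour discussed so far (word match regardless of case, three attempts, then a temporary lock) could look in PHP. This is an added example, not part of the thread and not SE's own code; the function names, the `$state` array and the `LOCK_SECONDS` value are hypothetical.

```php
<?php
declare(strict_types=1);
const MAX_ATTEMPTS = 3;    // from the thread: three tries before a temporary lock
const LOCK_SECONDS = 900;  // assumption: the thread does not say how long the lock lasts

// "Match word": trim, collapse whitespace and lowercase (needs the mbstring extension).
function normalize_answer(string $answer): string
{
    $collapsed = preg_replace('/\s+/u', ' ', trim($answer)) ?? '';
    return mb_strtolower($collapsed, 'UTF-8');
}

// Store a salted hash of the normalised answer, never the answer itself.
function hash_answer(string $answer): string
{
    return password_hash(normalize_answer($answer), PASSWORD_DEFAULT);
}

// $stored: id => hash; $shown: ids displayed; $given: id => typed answer; $state: per-account counter.
function check_recovery(array $stored, array $shown, array $given, array &$state, int $now): string
{
    if ($state['locked_until'] > $now) {
        return 'locked';
    }
    $ok = count($shown) > 0;
    foreach ($shown as $qid) {
        // Every shown question must be answered; the result never says which one failed.
        $hash = $stored[$qid] ?? '';
        if (!password_verify(normalize_answer((string) ($given[$qid] ?? '')), $hash)) {
            $ok = false;
        }
    }
    if ($ok) {
        $state = ['failed' => 0, 'locked_until' => 0];
        return 'ok'; // caller may now offer the change-password form
    }
    if (++$state['failed'] >= MAX_ATTEMPTS) {
        $state = ['failed' => 0, 'locked_until' => $now + LOCK_SECONDS];
        return 'locked';
    }
    return 'retry';
}

// Constructed demo data: the question id and answers are made up.
$stored = [1 => hash_answer('Fluffy')];
$state = ['failed' => 0, 'locked_until' => 0];
foreach ([' FLUFFY ', 'rex', 'rex', 'rex', 'Fluffy'] as $try) {
    echo check_recovery($stored, [1], [1 => $try], $state, time()), "\n";
}
```
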
    • Moderator
    • 5322 posts
    May 5, 2020 5:52 AM EDT

    Good idea. Thank you! We also need to include translation ability.