Security Questions
Security Questions
By Paul
09/16/14 (Edited 09/19/14)
For extra security, you may want to allow members to set up a security question to protect their account. You can do this by enabling the security questions switch at Admin Panel -> Settings -> Switches. A security question is a question created by the user which must be answered to confirm the user's identity. In the event that the user's password has been stolen, the security question will keep their account safe. This can be important with administrator accounts since administrators have the power to destroy the website. It can also prevent abuse of the password reset option by someone who knows a member's email address and repeatedly enters it to reset the person's password.
Having to answer a security question is, of course, annoying. For this reason, WSN asks the question no more than necessary. If the member is using an IP address they've previously used to access your site, they're trusted and not asked the question. If they login from a new IP location, they're questioned the first time.
When a user who has a security question set up logs in from an IP address they haven't previously used, their login and password reset will both become a two step process: first the regular part, then it asks the security question for confirmation before they're actually logged in / before the password reset email is sent. The question step uses the Admin -> Themes -> Manage Templates -> Member Templates -> "Security Question" template. Please note that the security question will not be asked when they login from a known good IP address.
If you originally installed a version older than 9.0.25 and customized the wrapper template, you must change the wrapper template to make sure <div class="warning" id="loginproblem"></div> is below the <form...> line instead of above. If you don't make this template update, the modal login will fail for people who have a security question.
By Paul
09/16/14 (Edited 09/19/14)
Having to answer a security question is, of course, annoying. For this reason, WSN asks the question no more than necessary. If the member is using an IP address they've previously used to access your site, they're trusted and not asked the question. If they login from a new IP location, they're questioned the first time.
When a user who has a security question set up logs in from an IP address they haven't previously used, their login and password reset will both become a two step process: first the regular part, then it asks the security question for confirmation before they're actually logged in / before the password reset email is sent. The question step uses the Admin -> Themes -> Manage Templates -> Member Templates -> "Security Question" template. Please note that the security question will not be asked when they login from a known good IP address.
If you originally installed a version older than 9.0.25 and customized the wrapper template, you must change the wrapper template to make sure <div class="warning" id="loginproblem"></div> is below the <form...> line instead of above. If you don't make this template update, the modal login will fail for people who have a security question.
Rating | |
Views | 222 views. Averaging 0 views per day. |