Documentation

How To Use The Secret Questions Add-On

After installing the add-on, a new "Secret Questions" page gets added to "Users and Groups" in the dashboard, next to "Login & Registration".

Picture_14.png

The Secret Questions page lets an administrator add, change and remove questions.  It also allows blocked users to regain access to the reset option and certain groups can be forbidden from using the tool.

Picture_15.png

Any question can be edited by clicking on it, and any number of questions can be added.  When a question is edited or deleted, it does not effect user experience.  Their question is stored as a secret question / answer pair attribute unique to their profile.  Unchecking "enabled" leaves the question in the dashboard, but will not be shown to end users.  

The add-on has some options available:

Picture_20.png

  • How many chances...: A user gets this many tries before they are blocked from the password question reset tool.  This does not lock their account and they may still use c5's default email-based password reset.
  • How many minutes...:  Time in minutes until the user can try again after forgetting their questions.
  • How many answers...:  This select menu chooses how many questions a user must solve.
  • Captcha :  Attempts to verify the user's humanness.

Resetting A Password

The password questions add-on includes a single page, Password Questions, that users can access if they have forgotten their password.  When they visit Password Questions, they will be prompted to provide either their username or their email address if authenticating via email address.  Then the user is prompted with the number of questions required to reset their password.

If they are locked from using the password reset, they will recieve a message why.  The super admin ('admin') will always be blocked from resetting passwords this way.

If a user has more questions on file than they are asked, the questions will be selected randomly.  Entering a blank answer or not being able to read the captcha does not count towards their "wrong answer" score.

A User's Question Pool

When someone creates a new user, they will be asked to pick and answer questions.  These question / answer pairs are actually stored as an attribute for every user.  With the default install, each user has two of these attributes.  

If more questions are required, create a new "Secret Question" attribute from the User Attributes page of the dashboard.  The attribute needs to be Editable and Required in the profile and on registration.