Scenario 2: Security questions
In this scenario, users can reset their password via security questions and provide the new password themselves.
You can choose to adapt the scenario slightly and have the password generated automatically, after which it is sent to a private e-mail address. This requires that users also register their private e-mail address.
Sign up for password resets
Before users can reset their password, they need to sign up for password resets by registering security questions and their answers.
- The user requests the service that signs up for password resets.
- The user selects security questions and provides answers.
- These questions and answers are registered for use with password resets.
Perform password resets
After registration, users can reset their password.
- The user clicks the Password Reset link.
- The user identifies himself.
- The user provides answers to the security questions.
- The user provides the new password.
- A service resets the password to the new one, after which the user can sign in again.
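The sign-up and reset steps above, as an added sketch that is not the product's own code: answers are normalized, then stored only as salted hashes, and every answer is checked before the password is set. The in-memory `store`, the `set_password` callback and the iteration count are assumptions made for this example.

```python
import hashlib, hmac, os, unicodedata

ITERATIONS = 200_000  # PBKDF2 work factor (assumed value for this example)

def normalize(answer: str) -> bytes:
    """Fold case, Unicode form and spacing so 'NEW  york' matches 'New York'."""
    text = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(text.split()).encode("utf-8")

def hash_answer(answer: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, ITERATIONS)

def sign_up(store: dict, user: str, answers: dict) -> None:
    """Register question -> answer pairs; only salt and hash are kept."""
    record = {}
    for question, answer in answers.items():
        if not normalize(answer):
            raise ValueError("empty answer for: " + question)
        salt = os.urandom(16)  # per-answer salt
        record[question] = (salt, hash_answer(answer, salt))
    store[user] = record

def verify_answers(store: dict, user: str, answers: dict) -> bool:
    """True only if every registered question is answered correctly."""
    record = store.get(user)
    if not record:
        # Spend one hash anyway so an unknown user does not return instantly.
        hash_answer("placeholder", b"\x00" * 16)
        return False
    ok = True
    for question, (salt, expected) in record.items():
        given = hash_answer(answers.get(question, ""), salt)
        # Constant-time compare, and no early exit on the first wrong answer.
        ok &= hmac.compare_digest(given, expected)
    return ok

def reset_password(store, user, answers, new_password, set_password) -> bool:
    """Call set_password(user, new_password) only after all answers verify."""
    if not verify_answers(store, user, answers):
        return False
    set_password(user, new_password)
    return True
```

A real deployment would also limit the number of failed attempts per account, which this sketch leaves out.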