Scenario 2: Security questions

In this scenario, users reset their password by answering security questions and then provide the new password themselves.

You can choose to adapt the scenario slightly and have the password generated automatically, after which it is sent to a private e-mail address. This requires that users also register their private e-mail address.

Sign up for password resets

Before users can reset their password, they need to sign up for password resets by registering security questions and their answers.

Sign up password reset questions

  1. The user requests the service that signs up for password resets.
  2. The user selects security questions and provides answers.
  3. These questions and answers are registered for use with password resets.

Perform password resets

After registration, users can reset their password.

Perform password reset questions

  1. The user clicks the Password Reset link.
  2. The user identifies himself.
  3. The user provides answers to the security questions.
  4. The user provides the new password.
  5. A service resets the password to the new one, after which the user can sign in again.

To set up this scenario:
  1. Configure the service that registers the security questions
  2. Configure the service that resets the password based on user input
  3. Configure the Password Reset settings
  4. Testing scenario 2: Security questions
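
The sign-up and reset flows described above, sketched as an added example (not the product's own code or configuration). The in-memory stores, the PBKDF2 hashing of normalized answers, and the lockout threshold are assumptions made for illustration.

```python
import hashlib, hmac, os, unicodedata

# Constructed in-memory stores (assumption); a real service would use its directory or database.
ENROLLED = {}     # user -> {question: (salt, digest)}
PASSWORDS = {}    # user -> (salt, digest)
FAILURES = {}     # user -> consecutive failed reset attempts
MAX_FAILURES = 3  # assumed lockout threshold

def _normalize(answer):
    # Fold case and whitespace so "  Rex " and "rex" are treated as the same answer.
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())

def _kdf(secret, salt):
    # Answers are stored like passwords: salted and stretched, never in plain text.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 200_000)

def sign_up(user, answers):
    """Sign-up steps 2-3: register the chosen questions with hashed answers."""
    record = {}
    for question, answer in answers.items():
        salt = os.urandom(16)
        record[question] = (salt, _kdf(_normalize(answer), salt))
    ENROLLED[user] = record

def reset_password(user, answers, new_password):
    """Reset steps 2-5: identify the user, check every answer, set the password."""
    if FAILURES.get(user, 0) >= MAX_FAILURES:
        return False  # locked out after repeated wrong answers
    record = ENROLLED.get(user, {})
    ok = bool(record) and set(answers) == set(record)
    for question, (salt, digest) in record.items():
        given = _kdf(_normalize(answers.get(question, "")), salt)
        # Constant-time compare, and no early exit, so the response
        # does not show which of the answers was wrong.
        ok = hmac.compare_digest(given, digest) and ok
    if not ok:
        FAILURES[user] = FAILURES.get(user, 0) + 1
        return False
    FAILURES.pop(user, None)
    salt = os.urandom(16)
    PASSWORDS[user] = (salt, _kdf(new_password, salt))
    return True
```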