Default security answer

This is a forum to suggest new features for mojoPortal. 

This thread is closed to new posts. You must sign in to post in the forums.
12/17/2009 11:03:05 AM
Gravatar
Total Posts 248

Default security answer

The default security answer is "blue", right?

This has the side effect that most of my users' default security answer is "blue"

...

maybe we should set it to a blank value...

12/17/2009 1:05:39 PM
Gravatar
Total Posts 18439

Re: Default security answer

There is also a default security question "What color is blue?" and yes the answer is "blue"

The reason it cannot be blank is because at any time you could change the setting in site settings to require a question and answer and if any users exist with blanks they will not be able to recover their password. If it is configured to require question and answer then the user must make up their own during registration. But if it is not required then these settings are not shown in the UI but we still must populate it in the background in case you ever enable it so we use this default question and answer in that case and we also use it during initial setup when we create the admin user.

Best,

Joe

12/18/2009 3:16:45 AM
Gravatar
Total Posts 248

Re: Default security answer

oh, i did not think about that

you are right

4/17/2012 11:14:05 AM
Gravatar
Total Posts 25

Re: Default security answer

Is there a way to change the default security question? If yes, then where?

Thanks,

Scott

4/17/2012 1:25:56 PM
Gravatar
Total Posts 248

Re: Default security answer

I would change it from the language resource files, but it would be a nightmare to update

4/17/2012 1:39:16 PM
Gravatar
Total Posts 18439

Re: Default security answer

Why would you need to change it?

It is not used when a user registers on the site and question and answer is required the fields are blank and the user must create their own question and answer. It is used when an admin user creates a new user but the admins can easily type something else in there we are just saving him some time. The main purpose for it is to be obvious what the answer is in the case where the user did not provide the question and answer themselves otherwise the user will not know the answer and will not be able to recover their password. It comes from a resource file so it can be localized for different languages but I don't see any reason why it would need to be customizable since you can set it to whatever you want when you create a user and the default question and answer serve their purpose for the case where the user did not create them and needs to be able to know what the answer is to the question, it is obvious what the answer is for the question "What color is blue?" It is only used in those cases where the user does not end up creating the question and answer themselves and the user can change it at any time on their user profile.

4/17/2012 2:56:19 PM
Gravatar
Total Posts 25

Re: Default security answer

Well I was going to use it as a hack to force my users to enter their street address. Basically I was going to turn on functionality to approve pending users and if they didn't answer the "what is your street address" security question with a valid street address that I verify against our house list, then I would not approve the login request. I'm building a homeowner association website and wanted a way to have information to figure out whether a user should be granted a login or not because I didn't see of a way to modify the required registration fields.

Thanks,

Scott

4/17/2012 3:02:42 PM
Gravatar
Total Posts 18439

Re: Default security answer

Hi Scott,

You can add custom fields to the profile that are required for registration and this would be much better than trying to hijack fields that already have a purpose.

See User Profile Configuration

Hope that helps,

Joe

4/17/2012 3:05:40 PM
Gravatar
Total Posts 2162

Re: Default security answer

Hi,

You can require users to fill out custom information using the User Profile configuration.

See the User Profile Configuration documentation.

HTH,
Joe D.

4/17/2012 4:02:20 PM
Gravatar
Total Posts 25

Re: Default security answer

Yes thankyou for providing this functionality. It's exactly what I was looking for. 

You must sign in to post in the forums. This thread is closed to new posts.