by Jeff Eaton

Module Monday: Security Questions

Drupal's user account system may not be flashy, but it gets the job done. User logins, email notifications, secure password resets... It covers all the basics, and third-party modules like Mollom can even add CAPTCHAs during account creation. What happens, though, if you want to add a bit of extra security to the user login process and the critical "password reset" function? That's where Security Questions comes in. It adds user-selectable security questions to each user account, and uses them to provide an additional layer of authentication.

Screenshot of administration screen

Setting up Security Questions is pretty simple. It comes pre-populated with a list of a dozen or so standard security questions like "Mother's maiden name" and "Your first pet." Administrators can choose how many security questions a user has to choose and fill out when creating their account. In addition, administrators can choose when the security questions are used. You can require that users answer their security questions when resetting their account password, for example, or go all-out and require that they answer at least one of them every time they log in. It even supports an optional "remember me" checkbox: when that feature is turned on, users only have to answer their security questions every n days or weeks, rather than every time they log in.

Screenshot of the user's edit form

They may not be the flashiest feature on a web site, but simple tools like good security questions can help keep user accounts secure. The Security Questions module makes adding and tweaking the operation of them extremely simple; if you're considering adding them to your site, check it out!