# Security Questions

Maintained by Catalyst IT, Peter Burnett, Brendan Heywood
This plugin adds a framework for adding and enforcing security questions for users to perform a password reset. Currently it only operates on the Moodle Core 'Forgot Password' page, however it is easily extensible to other forms. NOTE: This plugin only has native compatability with Moodle 3.8. For Moodle 3.7, MDL-66173 must be cherry-picked to allow the plugin to interact with Moodle. See Readme for more detailed instructions
Latest release:
28 sites
4 fans
Current versions available: 1
This plugin adds a framework for adding and enforcing security questions for users to perform a password reset. Currently it only operates on the Moodle Core 'Forgot Password' page, however it is easily extensible to other forms.

NOTE: This plugin only has native compatability with Moodle 3.8. For Moodle 3.7, MDL-66173 must be cherry-picked to allow the plugin to interact with Moodle. See Readme for more detailed instructions.

For further information, consult the Readme file

### Contributors

Peter Burnett: Developer
Brendan Heywood: Solutions Architect

### Awards

• Tue, Oct 29, 2019, 9:30 AM
Approval issue created: CONTRIB-7886
• Sat, Apr 18, 2020, 12:01 AM
Documentation states that this plugin is easily extensible to other forms--but how?
• Sun, Apr 19, 2020, 10:06 PM
^ Same question need to integrade on login, like 2FA, but how?
• Wed, Sep 16, 2020, 6:09 PM
Hi,
just did a complete first translation to German. I notice, that still english occurs (hardcoded probably):

a) When a users needs to set questions: "It is required that you answer a minimum of 3 security questions."

"Lockout tier settings
These settings allow you to add lockout tiers to Security Questions. Leave these settings as 0 to disable lockout tiers. If these settings are set, when a user triggers a lockout, they will instead be allowed to attempt security questions again after the duration specified for the tier. When a user triggers a lockout, they will move up a lockout tier. Lockouts will automatically be cleared after the duration specified in the lockoutexpiryduration control, if it is not set to 0.

Lockout tier one duration
tool_securityquestions | tieroneduration

Length of time during a tier one lockout where a user cannot reattempt security questions.

Lockout tier two duration
tool_securityquestions | tiertwoduration

Length of time during a tier two lockout where a user cannot reattempt security questions.

Lockout reset reset time
tool_securityquestions | lockoutexpiryduration

Length of time with no failed attempts before lockout is automatically cleared. Set to 0 to keep accounts locked until administrator reset."

c) also strange: in https://mysite/admin/tool/securityquestions/set_questions.php a translation is not really translated. In the heading where it reads if active/unactive - the parameter still shows up:
Aktiv - {$a} zusätzliche Fragen erforderlich. same in https://mysite/admin/tool/securityquestions/set_responses.php Dauer der Nachfrist: {$ a}

Olaf