
Single factor authentication: Password or security questions

For this use case, an authentication chain is set up to allow authentication with either a password or security questions. Even if the password is incorrect, the user may still proceed further down the chain to try logging in using their security questions.

This can be implemented by configuring a custom authentication chain:

| Module | Control type |
|---|---|
| Password authentication (password.pss) | sufficient |
| Security questions (response.pss) | binding |

When a user logs in:

  1. The user chooses the custom authentication chain and enters a password.

  2. If the password is entered:

    • Correctly, then the user is immediately logged into the Front-end.

    • Incorrectly, then the authentication chain continues and the user is prompted to answer their security questions.

  3. If the answers to the security questions are:

    • Valid, then the user is immediately logged into the Front-end.

    • Invalid, then the user is redirected to the main page to select an authentication method to use to log in. This is because the Control type for the response.pss module is set to binding, so the chain fails if an invalid answer is entered. In addition, the Control type for the password.pss module is set to sufficient, which requires at least one module in the chain to authenticate successfully.
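The login flow above can be checked as a small model. The following Python is an added example, not the product's own code: it implements only the two control types as this page describes them, and the `STORED` account, the `field` key and the function names are hypothetical.

```python
import hmac
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed sample account; a real deployment stores verifiers, not plaintext.
STORED = {"password": "correct horse", "answers": "rex|lisbon"}

@dataclass
class Module:
    name: str      # module name as listed in the chain table
    control: str   # "sufficient" or "binding"
    field: str     # hypothetical key into the submitted input

    def succeeds(self, submitted: Dict[str, str]) -> bool:
        given = submitted.get(self.field, "")
        return hmac.compare_digest(given.encode(), STORED[self.field].encode())

CHAIN = [
    Module("password.pss", "sufficient", "password"),
    Module("response.pss", "binding", "answers"),
]

def evaluate_chain(chain: List[Module], submitted: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Return (logged_in, names of the modules the user was prompted for)."""
    prompted = []
    for module in chain:
        prompted.append(module.name)
        ok = module.succeeds(submitted)
        if module.control == "sufficient":
            if ok:
                return True, prompted   # success ends the chain at once
            continue                    # failure is not fatal; try the next module
        if module.control == "binding":
            return ok, prompted         # success logs in; failure fails the chain
        raise ValueError(f"unmodelled control type: {module.control}")
    return False, prompted              # no module succeeded: fail closed

def outcome_table() -> Dict[Tuple[bool, bool], Tuple[bool, List[str]]]:
    cases = {}
    for pw_ok in (True, False):
        for ans_ok in (True, False):
            submitted = {"password": STORED["password"] if pw_ok else "wrong",
                         "answers": STORED["answers"] if ans_ok else "wrong"}
            cases[(pw_ok, ans_ok)] = evaluate_chain(CHAIN, submitted)
    return cases

if __name__ == "__main__":
    for (pw_ok, ans_ok), (logged_in, prompted) in outcome_table().items():
        print(f"password_ok={pw_ok} answers_ok={ans_ok} -> login={logged_in} {prompted}")
```

Login is denied only when both the password and the answers are wrong, so the chain is exactly as strong as the weaker of the two credentials; review the strength of the security questions with that in mind.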