
Password Reminders
Introduction
Currently, for users who forget their passwords, Liferay Portal allows obtaining a new one by email. This functionality adds a second security mechanism based on reminder queries. When it is enabled, a user requesting a new password goes to the existing "Forgot Password" UI and enters his email address / login and a text verification. The user is then shown a new page that displays his question, and he has to provide the answer before the new password is sent to his email address. This mechanism requires users to select a query from a list of provided queries, or write their own custom question, and give a textual answer. To that end, the form shown for My Account has been extended to allow the end user to provide an answer to the question.
How does it work?
If reminder queries are enabled, a new user who logs into the portal for the first time is shown a page that makes him choose a question and an answer.
In this situation, a new password won't be sent to any user unless he remembers his answer to the question. If a user doesn't have a stored answer, he won't be able to obtain a new password.
After the first login, the reminder query and answer can be modified through My Account.
We can allow users to have their own questions or make them choose one from a list.
When a user has to choose a reminder query question, the list of available reminder queries is obtained as follows:
1. Look for a set of reminder queries defined specifically for his immediate organization.
2. If his immediate organization doesn't have a set of reminder queries, repeat the lookup for the parent organization.
3. Repeat until a parent organization has a set of reminder queries or the top level is reached. When the top level is reached, the list is obtained from portal.properties.
4. If the user belongs to several organizations, the same process is repeated for each one, and the reminder queries found are added to the available options.
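The lookup order above, sketched as an added example (this is not Liferay's own code). The `Organization` class, the sample hierarchy, the cycle guard and the rule that a user with no organization receives the portal.properties defaults are assumptions made for illustration.

```python
# Added illustration; names and data below are constructed, not Liferay APIs.
from dataclasses import dataclass, field
from typing import Optional

# Stand-in for users.reminder.queries.questions in portal.properties.
PORTAL_DEFAULTS = [
    "what-is-your-primary-frequent-flyer-number",
    "what-is-your-library-card-number",
]


@dataclass
class Organization:
    name: str
    parent: Optional["Organization"] = None
    reminder_queries: list = field(default_factory=list)


def queries_for_org(org):
    """Steps 1-3: walk up the tree until an organization defines a set."""
    seen = set()
    while org is not None and id(org) not in seen:  # guard against a cyclic parent chain
        if org.reminder_queries:
            return list(org.reminder_queries)
        seen.add(id(org))
        org = org.parent
    return list(PORTAL_DEFAULTS)  # top level reached: fall back to portal.properties


def available_queries(user_orgs):
    """Step 4: repeat per organization and merge, keeping order, dropping duplicates."""
    if not user_orgs:  # assumption: a user with no organization gets the defaults
        return list(PORTAL_DEFAULTS)
    merged = []
    for org in user_orgs:
        for query in queries_for_org(org):
            if query not in merged:
                merged.append(query)
    return merged


# Constructed hierarchy: acme -> emea -> sales, plus an unrelated org with no set.
acme = Organization("acme", reminder_queries=["what-is-your-badge-number"])
emea = Organization("emea", parent=acme)
sales = Organization("sales", parent=emea)
partners = Organization("partners")
```

A user in both `sales` and `partners` is offered the `acme` question plus the portal defaults, because `partners` reaches the top level without finding a set of its own.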
Configuration
This mechanism can be configured through several properties in portal.properties.
{{{
#
# Settings for reminder queries
users.reminder.queries.enabled=true
users.reminder.queries.custom.question.enabled=true
}}}
The first property enables the reminder query mechanism and makes reminder queries essential to obtain a new password. The second property allows the user to write his own question, so that he can choose it in addition to the ones offered to him by default.
{{{
#
# Input a list of valid reminder queries
users.reminder.queries.questions=what-is-your-primary-frequent-flyer-number,what-is-your-library-card-number,what-was-your-first-phone-number,what-was-your-first-teachers-name,what-is-your-fathers-middle-name
}}}
This property defines the pre-set reminder queries (by default, they are the same ones used by Google). It is important to separate them with commas, use no capital letters, and put hyphens between words. Writing them in this format allows Liferay to show them to users in different languages.
In addition, any organization can define its own reminder queries instead of the default ones. This can be done in a new section in Control panel --> Organizations --> Reminder queries.