Implementing Security Questions with FusionAuth
-
How can we integrate security questions into FusionAuth? Specifically:
a) Authoring security questions.
b) Using security questions during the registration workflow.
c) Using security questions during credential recovery. -
FusionAuth does not currently provide out-of-the-box support for security questions.
If security questions are critical to your solution, you would need to implement this functionality externally and integrate it with FusionAuth using API calls. For example:
- Authoring Security Questions: Create a custom interface for users to set up their security questions and store these securely in your system.
- Using Security Questions During Registration: Extend your registration workflow to include security questions, then associate the responses with the user data stored in your database.
- Using Security Questions During Credential Recovery: Implement a custom flow to verify the user's identity using security questions before proceeding with a password reset, and use FusionAuth’s APIs to handle credential recovery.
By building this functionality externally and integrating it via FusionAuth’s APIs, you can achieve the desired security question workflow while maintaining compatibility with FusionAuth.
-