Confirmation by the answer to the security question
Blitz Identity Provider can ask the user to answer a security question to confirm the login. This can be useful in confirmation scenarios when recovering a forgotten password. To use this authentication method, follow the steps described below.
Step 1. Add the method to blitz.conf
For the authentication method Confirmation by the answer to the security question to appear among the authentication methods on the Second factor tab, follow these steps:
Open the /usr/share/identityblitz/blitz-config/blitz.conf file.

    sudo vim /usr/share/identityblitz/blitz-config/blitz.conf

In the settings section blitz.prod.local.idp.login.factors, in the second list, add a block of settings using the secQsn method:

    "login" : {
      "factors" : [
        [
          …
        ],
        [
          {
            "enabled" : false,
            "method" : "secQsn"
          },
          …
        ]
      ],
      …
    }

Restart the services.

    sudo systemctl restart blitz-idp blitz-console blitz-recovery
Step 2. Creating a directory of security questions
To create a directory of security questions, follow these steps:

Create the directory /etc/blitz-config/custom_messages/dics on the server.

Create a file /etc/blitz-config/custom_messages/dics/securityQuestions with the contents of the checklist. Example of a securityQuestions file with a directory of security questions:

    01=What is your mother's maiden name?
    02=What is your grandmother's maiden name?
    03=What was the first movie you saw in the cinema?
    04=What is your favorite literary work?
    05=What was the name of your third grade teacher
    06=The first dish you learned to cook
    07=What was the name of your first pet
    08=What did you want to become as a child?
    09=What was the name of the first school you went to?
    10=What was the name of the first street where you lived as a child?

Attention: the number in the checklist is used for sorting when the list of security questions is displayed to the user.

Check the owner of the dics directory and the files in it. The owner must be blitz:blitz.

    chown -R blitz:blitz /etc/blitz-config/custom_messages/dics

In the configuration file /usr/share/identityblitz/blitz-config/blitz.conf, add the dics block to the blitz.prod.local.idp.messages block. In the names setting, specify the name of the securityQuestions directory. For example:

    "dics" : {
      "dir" : "custom_messages/dics",
      "names" : [
        "securityQuestions"
      ]
    }
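A check that can be run on the dictionary from this step before the services are restarted, given here as an added example that is not part of the Blitz documentation or product. The function names check_dics_file and check_dics_owner are hypothetical, and the format rules (digit-only keys, unique, all the same width so that numeric and string sorting agree) are assumptions, since the page states only that the number is used for sorting.

```bash
#!/bin/sh
# Added example: lint the securityQuestions dictionary before restarting Blitz.
# Assumed rules (not stated in the Blitz docs): every non-blank line is
# KEY=text, KEY is digits only, keys are unique and all the same width.

# check_dics_file FILE: prints one line per problem; returns 1 if any found.
check_dics_file() {
  awk '
    /^[ \t]*$/ { next }                         # skip blank lines
    !/^[0-9]+=.*[^ \t]/ {                       # no numeric key or empty text
      print "line " NR ": expected NUMBER=question text"; bad = 1; next
    }
    {
      key = substr($0, 1, index($0, "=") - 1)
      if (key in seen) { print "line " NR ": duplicate key " key; bad = 1 }
      seen[key] = 1
      # Mixed widths (1, 02, 10) sort differently as numbers and as strings.
      if (!width) width = length(key)
      if (length(key) != width) {
        print "line " NR ": key " key " differs in width from the first key"; bad = 1
      }
    }
    END { exit bad + 0 }
  ' "$1"
}

# check_dics_owner DIR [USER] [GROUP]: lists paths not owned by USER:GROUP
# (default blitz:blitz, the owner this page requires); returns 1 if any.
check_dics_owner() {
  wrong=$(find "$1" \( ! -user "${2:-blitz}" -o ! -group "${3:-blitz}" \) -print) || return 2
  if [ -n "$wrong" ]; then
    printf '%s\n' "$wrong" | sed 's/^/wrong owner: /'
    return 1
  fi
}

# Script mode: sh lint_dics.sh /etc/blitz-config/custom_messages/dics
if [ "$#" -ge 1 ]; then
  check_dics_file "$1/securityQuestions" && check_dics_owner "$1"
fi
```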
Step 3. Configure the method in the console
The following settings must be set in the Admin console:
Total number of attempts – the number of attempts to enter the answer to the security question, after which this confirmation method will be blocked.
Blocking time when attempts are exceeded (in minutes).
The configured list of security questions is also displayed in the Admin console.