Hi All,

I'm working on supporting user information recovery scenarios in the IS user
portal [1].

While discussing the user aspects of password recovery with security
questions with the UX team, we came across the concern below.

1. Should we view all of the security questions chosen by the user, from
each question set, on the same page?

2. Should we view the question chosen from each question set on a separate
page, and make the user go page by page answering each question?

If we choose option (1), we should be able to verify the user's answers to all
the questions in one step. If all are answered properly we will let the user
proceed, or else we will notify the user, on the next page, that he has not
correctly answered one or more.

If we choose option (2), in each step we will verify the user's answer to the
question prompted. If the first one is properly answered, we prompt the second
question and let him proceed similarly, or else break the flow.

However, with the information recovery service implementation at IS, we can
only support option (2) at the moment.
But it seems most sites opt for option (1).

We would like to clarify which option we should proceed with. Also, we
would like to clarify any security concerns with regard to the above options.

Appreciate your thoughts.


[1] https://wso2.org/jira/browse/IDENTITY-3300

Thanks,
Malithi.
-- 

*Malithi Edirisinghe*
Senior Software Engineer
WSO2 Inc.

Mobile : +94 (0) 718176807
malit...@wso2.com
_______________________________________________
Dev mailing list
Dev@wso2.org
http://wso2.org/cgi-bin/mailman/listinfo/dev
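
The two flows described in the message above, as an added sketch that is not part of the original post and is not WSO2 Identity Server code. The function names, the salted-hash storage of answers and the sample answers are assumptions made for illustration; it shows that option (1) yields a single aggregate result, while the point at which option (2) stops shows which answer was rejected.

```python
import hashlib
import hmac
import os


def _digest(answer: str, salt: bytes) -> bytes:
    # Normalise case and whitespace so " Blue  Whale" matches "blue whale".
    normalised = " ".join(answer.lower().split())
    return hashlib.pbkdf2_hmac("sha256", normalised.encode(), salt, 100_000)


def enroll(answers: dict) -> dict:
    """Keep only (salt, digest) per question set, never the raw answer."""
    stored = {}
    for question_set, answer in answers.items():
        salt = os.urandom(16)
        stored[question_set] = (salt, _digest(answer, salt))
    return stored


def _matches(stored: dict, question_set: str, submitted: str) -> bool:
    salt, expected = stored[question_set]
    return hmac.compare_digest(_digest(submitted, salt), expected)


def verify_all(stored: dict, submitted: dict) -> bool:
    """Option (1): one page, one check, one aggregate result."""
    ok = True
    for question_set in stored:
        # No early exit: every answer is checked even after a failure,
        # and the caller learns only "one or more answers were wrong".
        ok &= _matches(stored, question_set, submitted.get(question_set, ""))
    return ok


def verify_stepwise(stored: dict, submitted: dict):
    """Option (2): one question per page, flow breaks at the first failure.
    Returns (passed, question sets shown before the flow ended)."""
    shown = []
    for question_set in stored:
        shown.append(question_set)
        if not _matches(stored, question_set, submitted.get(question_set, "")):
            return False, shown
    return True, shown


# Constructed sample enrolment: one chosen question per question set.
STORED = enroll({"set1": "Colombo", "set2": "Blue Whale"})
```
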