Security Questions

Security Questions are a knowledge-based authentication (KBA) method that adds an extra layer of protection by verifying users through personal questions only they should be able to answer, such as "What is your mother's maiden name?". This method is useful for scenarios like password recovery or step-up authentication when primary methods (such as OTP via SMS or email) aren't feasible. LoginRadius lets you configure custom questions, control how many are shown, and set limits on answer attempts, giving you flexibility to tailor the experience to your security requirements. Keep in mind that KBA is weaker than a possession-based factor: the answers to many common questions can be found on social media or in breached data, so treat it as a fallback rather than a primary factor and choose questions whose answers are not publicly discoverable.

Key Features

LoginRadius Security Questions offer a set of features designed to enhance both user account protection and administrative control over how the feature is deployed:

  • Custom Questions Configuration: You can create personalized security questions that reflect the needs of your user base.

  • Multi-Question Support: Choose how many questions are presented to the user during authentication.

  • Retry Limit Enforcement: Define how many times a user may answer the security questions incorrectly before being locked out of the process, which limits guessing of low-entropy answers.

  • Console and Code Integration: Based on your development strategy, deploy the feature directly from the Admin Console or via the JavaScript SDK and API endpoints.

These capabilities work together to reduce the risk of unauthorized access and improve the resilience of your authentication process.

Business Use Cases

Security Questions can be applied in multiple customer identity workflows to increase confidence in user verification, especially when dealing with forgotten passwords or unusual sign-in patterns.

  • Account Recovery: During password reset, Security Questions help confirm that the request is from the actual user and not a malicious actor.

  • Step-Up Authentication: When combined with contextual or risk-based triggers (e.g., new device or location), Security Questions provide an extra hurdle before sensitive actions.

  • Low-Tech Environments: In scenarios where users may not be able to access email or mobile devices, Security Questions provide a fallback authentication method.

  • Regulatory Compliance: Knowledge-based verification is sometimes mandated as part of identity verification for industries like healthcare, finance, and government.

Configuration

LoginRadius provides a flexible configuration experience through the Console, where administrators can define the questions and control how the feature behaves during authentication and recovery processes.

  1. Log in to your LoginRadius Console.

  2. Go to Security > Security Question.

  3. Click Add New Security Question to begin defining your custom questions.

  4. Enter the security question text you want users to answer.

  5. Save your settings to apply the question to your registration and recovery flows.

You can also adjust how many questions should be rendered to users and how many times they’re allowed to answer incorrectly during a password reset.

Security Question API Integration

In addition to console-based and SDK-level setups, LoginRadius offers a set of dedicated API endpoints to help you manage security questions programmatically. These APIs allow you to retrieve, configure, and update user-specific security questions and answers, giving you more flexibility in integrating this authentication factor into your application workflows.

The security questions configured via the LoginRadius Console are stored as key-value pairs, with each question assigned a unique QuestionId. You can retrieve these using:

Sample response:

{
  "SecurityQuestions": {
    "Questions": [
      {
        "QuestionId": "2acec20722394dc3bd6362ef27df824e",
        "Question": "What is your favourite donut?"
      },
      {
        "QuestionId": "5ea913df084b4dbcb3100820769e8d1a",
        "Question": "What's your first job?"
      }
    ],
    "SecurityQuestionCount": 2
  }
}

Explore additional documentation to extend further or enhance your use of Security Questions: