Password Reset module administration screen.

The password_reset module allows for passwords to be reset without involving e-mail addresses through the use of security questions. This module would typically be used on sites that do not require users to enter their e-mail addresses or prefer not having to deal with spam folder issues etc.

This module supports the following features:

  • Add (and manage) preset questions for users to choose from.
  • Allow for case-sensitive/insensitive answers.
  • Control the format of answers using regular expression checks.
  • Store answers in hashed form similar to Drupal core passwords. The module uses core's pluggable while doing so.
  • Track the usage of each question.
  • Optionally allow users to choose their security question during registration and later, to manage it from their account management pages.
  • Optionally redirect preexisting users who have not chosen their question to their account management page.
  • Optionally require users to enter their current password when adding or modifying their security questions.
  • Flood control to prevent abuse of the password reset form.
  • Security precautions which ensure that information about valid usernames is not inadverdently revealed through the password reset form.

Project information