Support for Drupal 7 is ending on 5 January 2025—it’s time to migrate to Drupal 10! Learn about the many benefits of Drupal 10 and find migration tools in our resource center.
The password_reset module allows for passwords to be reset without involving e-mail addresses through the use of security questions. This module would typically be used on sites that do not require users to enter their e-mail addresses or prefer not having to deal with spam folder issues etc.
This module supports the following features:
- Add (and manage) preset questions for users to choose from.
- Allow for case-sensitive/insensitive answers.
- Control the format of answers using regular expression checks.
- Store answers in hashed form similar to Drupal core passwords. The module uses core's pluggable password.inc while doing so.
- Track the usage of each question.
- Optionally allow users to choose their security question during registration and later, to manage it from their account management pages.
- Optionally redirect preexisting users who have not chosen their question to their account management page.
- Optionally require users to enter their current password when adding or modifying their security questions.
- Flood control to prevent abuse of the password reset form.
- Security precautions which ensure that information about valid usernames is not inadverdently revealed through the password reset form.
Project information
- Module categories: Security, Access Control
- 2 sites report using this module
- Created by Zen on , updated
- Stable releases for this project are covered by the security advisory policy.
Look for the shield icon below.