SecurityQuestion
Manages security questions and answers used as a backup authentication method for account recovery. Security questions provide an additional layer of identity verification when users forget their password or need to prove their identity from an unrecognized device. This entity stores both predefined questions (like 'What was your first pet's name?') and allows custom questions that users can create themselves. The answers are always stored in hashed format, never in plain text, to protect against data breaches.

Security questions are particularly useful as a fallback when other recovery methods (email, phone) are unavailable. They work by asking personal questions that ideally only the account owner would know the answer to. The system typically requires users to answer multiple questions correctly to prevent guessing attacks.

While not as secure as modern methods like SMS or authenticator apps, security questions remain popular because they don't require external devices or services, making them accessible to all users regardless of their technical capabilities.
Properties
| Property | Type | Mode | Description | Required |
|---|---|---|---|---|
| user | User | stored | The user who owns this security question | Required |
| questionId | string | stored | Unique identifier for the question | Required |
| question | string | stored | The security question text | Required |
| questionType | string | enum | Whether this is a system-provided or user-created question | Optional |
| category | string | stored | Category grouping for the question | Optional |
| answerHash | string | stored | Cryptographically hashed answer for security | Required |
| answerHint | string | stored | Optional hint to help remember the answer (user-provided) | Optional |
| answerFormat | string | enum | Expected format of the answer for validation | Optional |
| caseSensitive | boolean | stored | Whether the answer matching is case-sensitive | Optional |
| minAnswerLength | integer | stored | Minimum required length for the answer | Optional |
| isActive | boolean | stored | Whether this question is currently active for authentication | Optional |
| usageCount | integer | stored | Number of times this question has been used for verification | Optional |
| lastUsedAt | DateTime | stored | Last time this question was used for authentication | Optional |
| failedAttempts | integer | stored | Number of consecutive failed answer attempts | Optional |
| lockedUntil | DateTime | stored | Question locked until this time due to too many failures | Optional |
| priority | integer | stored | Display order when showing multiple questions | Optional |
| expiresAt | DateTime | stored | When this security question expires and must be updated | Optional |
| createdAt | DateTime | stored | When this security question was set up | Required |
| updatedAt | DateTime | stored | Last time the question or answer was modified | Optional |
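
How `answerHash`, `caseSensitive`, `minAnswerLength`, `failedAttempts` and `lockedUntil` can work together when an answer is set and later verified, as an added example that is not this project's own code. The PBKDF2 parameters, the `answerHash` string layout, the three-attempt threshold, the 15-minute lockout and all function names are assumptions; the schema defines none of them.

```python
import hashlib, hmac, os, unicodedata
from datetime import datetime, timedelta, timezone

# Assumptions: the schema names no KDF, threshold or lockout duration.
ITERATIONS = 600_000
MAX_FAILED_ATTEMPTS = 3
LOCKOUT = timedelta(minutes=15)

def normalize(answer, case_sensitive):
    """Collapse whitespace and Unicode variants; fold case unless caseSensitive."""
    text = " ".join(unicodedata.normalize("NFKC", answer).split())
    return text if case_sensitive else text.casefold()

def hash_answer(answer, case_sensitive, salt=None, iterations=ITERATIONS):
    """Return 'pbkdf2-sha256$<iterations>$<salt hex>$<digest hex>' (constructed format)."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac(
        "sha256", normalize(answer, case_sensitive).encode(), salt, iterations)
    return f"pbkdf2-sha256${iterations}${salt.hex()}${digest.hex()}"

def set_answer(record, answer):
    """Enforce minAnswerLength, then store only the salted hash in answerHash."""
    if len(normalize(answer, True)) < record.get("minAnswerLength", 1):
        raise ValueError("answer shorter than minAnswerLength")
    record["answerHash"] = hash_answer(answer, record.get("caseSensitive", False))
    record["failedAttempts"] = 0

def verify_answer(record, candidate, now=None):
    """Check a candidate answer, maintaining failedAttempts and lockedUntil."""
    now = now or datetime.now(timezone.utc)
    locked = record.get("lockedUntil")
    if not record.get("isActive", True) or (locked and now < locked):
        return False  # inactive or still locked: do not evaluate the answer
    _, iterations, salt_hex, _ = record["answerHash"].split("$")
    expected = hash_answer(candidate, record.get("caseSensitive", False),
                           bytes.fromhex(salt_hex), int(iterations))
    if hmac.compare_digest(expected, record["answerHash"]):  # constant-time
        record.update(failedAttempts=0, lockedUntil=None, lastUsedAt=now,
                      usageCount=record.get("usageCount", 0) + 1)
        return True
    record["failedAttempts"] = record.get("failedAttempts", 0) + 1
    if record["failedAttempts"] >= MAX_FAILED_ATTEMPTS:
        record["lockedUntil"] = now + LOCKOUT
    return False
```

Normalization must be identical at set and verify time, so changing `caseSensitive` on an existing record requires the user to re-enter the answer.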
Examples
Example 1
```json
{
  "@type": "SecurityQuestion",
  "questionId": "sq_first_pet",
  "question": "What was the name of your first pet?",
  "questionType": "predefined",
  "category": "personal",
  "answerHint": "Golden retriever from childhood",
  "answerFormat": "text",
  "caseSensitive": false,
  "minAnswerLength": 2,
  "isActive": true,
  "usageCount": 3,
  "lastUsedAt": "2024-02-20T10:30:00Z",
  "failedAttempts": 0,
  "priority": 1,
  "createdAt": "2024-01-01T12:00:00Z",
  "updatedAt": "2024-01-01T12:00:00Z"
}
```

Example 2
```json
{
  "@type": "SecurityQuestion",
  "questionId": "sq_custom_001",
  "question": "What is the name of the street where you lived in 2010?",
  "questionType": "custom",
  "category": "location",
  "answerHint": "Downtown area",
  "answerFormat": "text",
  "caseSensitive": false,
  "minAnswerLength": 5,
  "isActive": true,
  "usageCount": 0,
  "failedAttempts": 2,
  "priority": 2,
  "expiresAt": "2025-01-01T00:00:00Z",
  "createdAt": "2024-01-15T09:00:00Z",
  "updatedAt": "2024-03-10T14:00:00Z"
}
```