Password reset

The password_reset module allows for passwords to be reset without involving e-mail addresses through the use of security questions. This module would typically be used on sites that do not require users to enter their e-mail addresses or prefer not having to deal with spam folder issues etc.

This module supports the following features:

• Add (and manage) preset questions for users to choose from.
• Allow for case-sensitive/insensitive answers.
• Control the format of answers using regular expression checks.
• Store answers in hashed form similar to Drupal core passwords. The module uses core's pluggable password.inc while doing so.
• Track the usage of each question.
• Optionally allow users to choose their security question during registration and later, to manage it from their account management pages.
• Optionally redirect preexisting users who have not chosen their question to their account management page.
• Optionally require users to enter their current password when adding or modifying their security questions.
• Flood control to prevent abuse of the password reset form.
• Security precautions which ensure that information about valid usernames is not inadverdently revealed through the password reset form.