Security Questions Settings

Customize your Security Questions from the Descope console (Settings > Authentication Methods > Security Questions).

Enable Method in API and SDK

The Enable method in API and SDK toggle controls whether Security Questions authentication can be invoked programmatically via APIs and SDKs.

  • When enabled: Authentication works via flows, APIs, and SDKs
  • When disabled: Authentication only works with flows or calls made with a valid management key

Available Settings

This section describes additional details about the configuration options available.

Questions List

The default setup includes five security questions, which you can customize by modifying, removing, or adding your own. Add or remove questions from this list to make them available to user during setup. Number of questions can be between 2 and 50. Default is 5.

Require at least x Questions from the End User Upon Setup

The number of questions the user must answer during setup. During MFA verification, the user will be asked to answer a subset of these questions. Number of questions can be between 1 and 50. Default is 1.

Require at least x questions from the end user during verification

The number of questions the user must answer during verification. The questions will be randomly selected from the list of questions the user has answered during the initial setup. Number of questions can be between 1 and 50. Default is 1.

Lock Account After x Attempts

When a user answers questions incorrectly more than x times, the user will be locked and unable to log in again. Disabled by default. Number of attempts can be between 2 and 10.

Temporary Lock After x Attempts, For y Minutes

When a user answers questions incorrectly more than x times, the user will be temporarily locked and unable to log in for y minutes. After y minutes the user will be able to log in again. Disabled by default. Number of attempts can be between 1 and 10, default is 3 attempts. Number of minutes can be between 1 and 1440, default is 5 minutes.

Was this helpful?

On this page