How to configure Security Questions in DirectAdmin

To increase the security of your DirectAdmin account, you can set up Security Questions. You can set one or more questions, either chosen from a predefined list or written yourself. The default questions are:


What is the name of your favorite childhood friend?
In what city did you meet your spouse/significant other?
What was your childhood nickname?
What street did you live on in third grade?
What is your oldest sibling's birthday month and year? (e.g: January 1970)
What is the middle name of your oldest child?
What is your oldest sibling's middle name?
What school did you attend for sixth grade?
What was your childhood phone number including area code? (e.g: 000-000-0000)
What is your oldest cousin's first and last name?
What was the name of your first stuffed animal?
In what city or town did your mother and father meet?
Where were you when you had your first kiss?
What is the first name of the boy or girl that you first kissed?
What was the last name of your third grade teacher?
In what city does your nearest sibling live?
What is your oldest brother's birthday month and year? (e.g: January 1970)
What is your maternal grandmother's maiden name?
In what city or town was your first job?
What is the name of the place your wedding reception was held?
What is the name of a college you applied to but didn't attend?

How to configure Security Questions in DirectAdmin

1. Log into your DirectAdmin user account

2. Go to Advanced Features >> Security Questions

3. Click the Add new Security Question link. Choose a predefined question or enter a custom one, then enter the answer. Click the ADD button.

4. Repeat step 3 to add more questions. DirectAdmin will randomly choose one of them upon login.

5. Click the ENABLE button. The Security Questions function is now enabled.


The video tutorial on how to set up security questions is here:

DirectAdmin Security Questions tutorial

Security Questions has the two options listed below. The first permits API logins; the second notifies you of failed login attempts.

Allow API logins with the current User/password. Login Keys and Session Keys are always allowed.
Notify me on all failed question attempts. Disabling this option will still notify you after 5 failed attempts.

With the notification option enabled, you will receive a message every time someone tries to log in to your account with a wrong answer to a security question. The message also shows the text that the person entered. The message will be:

Warning: 11.22.33.44 has a valid password for plothost but failed the security questions 3 times.
2021-08-01 09:16
The IP 11.22.33.4 has provided the correct password for the plothost account.
However, after 3 attempts, they were not able to provide a valid answer for the security questions, so no access was granted.
If this is not your IP, change your password.

The question was:
'In what city did you meet your spouse/significant other?'

with the incorrect answer of:
'Tonald'
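
The notification above has a fixed layout, so it can be triaged automatically. The following is an added example, not DirectAdmin or PlotHost code: it parses a message in that layout, keeps only the length of the wrong answer, and checks the source IP against the networks you log in from. The function names, verdict strings and sample values are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample in the layout shown above (documentation-range IP, made-up account).
SAMPLE = """Warning: 203.0.113.7 has a valid password for exampleuser but failed the security questions 3 times.
2021-08-01 09:16
The IP 203.0.113.7 has provided the correct password for the exampleuser account.
However, after 3 attempts, they were not able to provide a valid answer for the security questions, so no access was granted.
If this is not your IP, change your password.

The question was:
'What was your childhood nickname?'

with the incorrect answer of:
'Rex'
"""

HEADER = re.compile(
    r"Warning: (?P<ip>\S+) has a valid password for (?P<user>\S+) "
    r"but failed the security questions (?P<attempts>\d+) times\.")
QUESTION = re.compile(r"The question was:\s*'(?P<q>.*)'")
ANSWER = re.compile(r"with the incorrect answer of:\s*'(?P<a>.*)'")

def parse_notification(text):
    """Return the fields of one notification, or None if the header is absent."""
    head = HEADER.search(text)
    if head is None:
        return None
    q, a = QUESTION.search(text), ANSWER.search(text)
    return {
        "ip": ipaddress.ip_address(head["ip"]),
        "user": head["user"],
        "attempts": int(head["attempts"]),
        "question": q["q"] if q else None,
        # A near-miss answer is a hint to anyone who reads the mailbox: keep its length only.
        "answer_len": len(a["a"]) if a else None,
    }

def triage(text, trusted_networks):
    """Classify a notification against the networks the account owner logs in from."""
    event = parse_notification(text)
    if event is None:
        return "unparsed"
    nets = [ipaddress.ip_network(n) for n in trusted_networks]
    if any(event["ip"] in n for n in nets):
        return "own-ip-wrong-answer"
    return "password-compromised"  # unknown source already holds the password
```

A "password-compromised" verdict corresponds to the message's own advice: the password is known to someone at an address that is not yours, so change it.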

A much better way to protect your account is to use two-factor authentication. Check our article on How to enable Two-Step Authentication in DirectAdmin.


Links:
How to change your DirectAdmin account password
Security Questions
