Educause Security Discussion mailing list archives
Re: Passowrd - User Self Service Resets?
From: "Lucas, Bryan" <b.lucas () TCU EDU>
Date: Mon, 14 Mar 2005 14:06:52 -0600
I highly recommend looking at www.anixis.com, the PPE and APR products. Excellent value, simple installation, quick support. The PPE product does password complexity/enforcement and APR does web reset. Handles 2003 no problem, we've put it thru the 2000-->2003 upgrade already. You can implement complexity requirements by AD security groups and all it takes is a simple .DLL on each DC. Of course I was nervous about putting software on my DC, but it is clean, small and has been rock solid. There is an *optional* client piece that can be rolled out via GPO if you wish to provide detailed error messages (e.g. "Your password must include a number") rather than Windows' default vague response. The web interface is customizable and simple to setup and we run it on a separate box to isolate it in a DMZ. Our setup is here: http://mypw.tcu.edu If you'd like a test account, email me offline. The toughest part is getting your users to agree to complexity, which is its own discussion :) Bryan Lucas Server Administrator Texas Christian University (817) 257-6971 -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Dave Koontz Sent: Monday, March 14, 2005 1:14 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Passowrd - User Self Service Resets? We have been asked to explore and evaluate programs which provide users with a "Self Service" password reset mechanism via a Web Page. This is because of an increasing number of our students who either forget their passowrds, or set their browser to "remember" their password and don't have a clue what it is when change time comes, causing more and more work for our helpdesk. Has anyone written such a Web Program for allowing users to reset their own passwords against a Windows 2003 AD Domain that they could share? Retail products seem to be extremely over-priced. If you have found a reasonably priced, well designed retail product please share any details. Also, it has been suggested that the only information we need to collect from a user via a web form to reset their account is the Network UserName, College ID Number and the last 4 digits of their social security numbers. This concerns me because all the information necessary to reset a password is in a users wallet / purse, which of course could be lost. Also, this information is readily available to any of our faculty and staff via our Administrative software. Do anyone of you reset passwords with only this data? Would anyone be willing to share what they belive should be the MININIMUM Data collection requirements? And how do you force users to go though a registration process to populate the Password Reset system? I would like to go to management with some 'from the field' reports of what others are doing. Thanks in Advance! --- Dave Koontz Associate Director, CIS Mary Baldwin College Staunton, VA ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Passowrd - User Self Service Resets? Dave Koontz (Mar 14)
- <Possible follow-ups>
- Re: Passowrd - User Self Service Resets? Rob Tanner (Mar 14)
- Re: Passowrd - User Self Service Resets? Lucas, Bryan (Mar 14)
- Re: Passowrd - User Self Service Resets? Rich Graves (Mar 14)
- Re: Passowrd - User Self Service Resets? Lucas, Bryan (Mar 14)
- Re: Passowrd - User Self Service Resets? clementz.7 (Mar 14)
- Re: Passowrd - User Self Service Resets? Vicky Walker (Mar 14)
- Re: Passowrd - User Self Service Resets? Chris Boniforti - Lynn University (Mar 14)
- Re: Passowrd - User Self Service Resets? Lucas, Bryan (Mar 14)
- Re: Passowrd - User Self Service Resets? Gary Dobbins (Mar 15)
- Re: Passowrd - User Self Service Resets? Hart, Lee Anne (Mar 15)
- Re: Passowrd - User Self Service Resets? stanislav shalunov (Mar 15)
- Re: Passowrd - User Self Service Resets? Bill Frazier (Mar 15)
(Thread continues...)