Educause Security Discussion mailing list archives
Re: Passowrd - User Self Service Resets?
From: "Lucas, Bryan" <b.lucas () TCU EDU>
Date: Thu, 17 Mar 2005 11:14:06 -0600
Well that was genius.... I've sent you another off-list ;) Don't think staff don't get Spring Break too. Bryan Lucas Server Administrator Texas Christian University (817) 257-6971 -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Lucas, Bryan Sent: Thursday, March 17, 2005 11:13 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Passowrd - User Self Service Resets? No problem, use: UID: zblucas2 PW: tcu.edu99 Just re-enroll the account an pick new questions, let me know when you're done. Bryan Lucas Server Administrator Texas Christian University (817) 257-6971 -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Boniforti - Lynn University Sent: Thursday, March 17, 2005 11:08 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Passowrd - User Self Service Resets? Hi Byran Thanks...i will have my team look at it...may save time...let me know if I can have a guest or test account Christian Boniforti Director of Information Technology Lynn University 3601 N. Military Trail Boca Raton, FL 33431 (O) 561.237.7163 (F) 561.237.7115 (C) 561.703.6130 -----Original Message----- From: Lucas, Bryan [mailto:b.lucas () TCU EDU] Sent: Monday, March 14, 2005 10:06 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Passowrd - User Self Service Resets? Christian, Really, I don't work on commission for Anixis, but it was very inexpensive. For that price versus in-house development (and we do a lot of dev work), it just made more sense to purchase it. It couldn't have been any easier to implement. Just trying to save you some time. Bryan Lucas Server Administrator Texas Christian University (817) 257-6971 -----Original Message----- From: The EDUCAUSE Security Discussion Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Boniforti - Lynn University Sent: Monday, March 14, 2005 5:10 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Passowrd - User Self Service Resets? Dave, We are looking to build something similar for our students. We are going to build it against a windows 2003 domain. We are adding Custom fields or attributes to 2003 such things like DOB and Student ID We are going to ask for FirstName, LastName, DOB, and Student ID. We will display the students NetID (we use FirstInitial+FullLastName, if dups occur we add N+1 at the end of NetID) and email address. At this time we will allow the student to create password as well as a security clue. We will ask to pick from three questions 1. What is mother's maiden name? 2. What is pets name? 3. What is city of birth? This will be used to reset password....I will let you know how it goes...we are looking to deploy this for Summer 2005 Christian Boniforti Director of Information Technology Lynn University 3601 N. Military Trail Boca Raton, FL 33431 (O) 561.237.7163 (F) 561.237.7115 (C) 561.703.6130 -----Original Message----- From: Dave Koontz [mailto:dkoontz () MBC EDU] Sent: Monday, March 14, 2005 2:14 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Passowrd - User Self Service Resets? We have been asked to explore and evaluate programs which provide users with a "Self Service" password reset mechanism via a Web Page. This is because of an increasing number of our students who either forget their passowrds, or set their browser to "remember" their password and don't have a clue what it is when change time comes, causing more and more work for our helpdesk. Has anyone written such a Web Program for allowing users to reset their own passwords against a Windows 2003 AD Domain that they could share? Retail products seem to be extremely over-priced. If you have found a reasonably priced, well designed retail product please share any details. Also, it has been suggested that the only information we need to collect from a user via a web form to reset their account is the Network UserName, College ID Number and the last 4 digits of their social security numbers. This concerns me because all the information necessary to reset a password is in a users wallet / purse, which of course could be lost. Also, this information is readily available to any of our faculty and staff via our Administrative software. Do anyone of you reset passwords with only this data? Would anyone be willing to share what they belive should be the MININIMUM Data collection requirements? And how do you force users to go though a registration process to populate the Password Reset system? I would like to go to management with some 'from the field' reports of what others are doing. Thanks in Advance! --- Dave Koontz Associate Director, CIS Mary Baldwin College Staunton, VA ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Re: Passowrd - User Self Service Resets?, (continued)
- Re: Passowrd - User Self Service Resets? clementz.7 (Mar 14)
- Re: Passowrd - User Self Service Resets? Vicky Walker (Mar 14)
- Re: Passowrd - User Self Service Resets? Chris Boniforti - Lynn University (Mar 14)
- Re: Passowrd - User Self Service Resets? Lucas, Bryan (Mar 14)
- Re: Passowrd - User Self Service Resets? Gary Dobbins (Mar 15)
- Re: Passowrd - User Self Service Resets? Hart, Lee Anne (Mar 15)
- Re: Passowrd - User Self Service Resets? stanislav shalunov (Mar 15)
- Re: Passowrd - User Self Service Resets? Bill Frazier (Mar 15)
- Re: Passowrd - User Self Service Resets? Chris Boniforti - Lynn University (Mar 17)
- Re: Passowrd - User Self Service Resets? Lucas, Bryan (Mar 17)
- Re: Passowrd - User Self Service Resets? Lucas, Bryan (Mar 17)