Educause Security Discussion mailing list archives
Re: Automatic Password Resets
From: "Torres, Juan" <torresj () OHIODOMINICAN EDU>
Date: Mon, 29 Oct 2007 17:33:24 -0400
Connie, In January, we purchased Anixis Password Reset (http://www.anixis.com/). There is a video on the site that does a full demo. We had a home grown system, but it was too clunky and it failed our security audit. With the implementation of this product, we also changed our expiration time from 45 days to 120 days. We are in the process of implementing more complex passwords, but we felt it was a lot of changes to make at one time. Pros: - Very easy to implement. We put together a quick landing page before the application. http://helpdesk.ohiodominican.edu/reset/Default.aspx - My Favorite Feature - Windows Plug-in that can be deployed in seconds by using AD Group Policy, which allows password resets right from any campus desktop. - You customize your own questions - Faculty/Staff/Students unlock accounts, reset passwords, change passwords - Disable "VIP" accounts from using it. Therefore, preventing a client form compromising a high level account - Automatically disables password reset feature if questions are incorrectly answered - Helps reduce calls to the helpdesk Cons: - Very poor tracking. I cannot provide metrics on how successful the product is used. The software only creates an event log, no dashboard feature. Does not integrate in to call tracking software. - You must do a major campaign to get members to register. - People forget their registration questions - This system does not address our issue with initial account activation. Students still need to contact the helpdesk to set up their account. - Only e-mail support because they are overseas. However, very rapid response. If you need more information, let me know. Juan A. Torres Helpdesk Manager Ohio Dominican University Computer Helpdesk 1216 Sunbury Road | Columbus | OH | 43219 1.888.251.0773 | 614.253.3615 -----Original Message----- From: Sadler, Connie [mailto:Connie_Sadler () BROWN EDU] Sent: Monday, October 29, 2007 5:06 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Automatic Password Resets Is anyone doing automatic password resets? We're interested in minimizing the numbers of calls in to our Help Desk - especially for the many applicants who forget how to access our application initially - to get started with Brown. I know there are commercial products out there; do any of you have some positive experience to share about what works for you - and if you use something home-grown, I'd be interested in hearing about that as well. Thanks much! Connie Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC IT Security Officer, Brown University Campus Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu, Office: 401-863-7266 PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB
Current thread:
- Automatic Password Resets Sadler, Connie (Oct 29)
- <Possible follow-ups>
- Re: Automatic Password Resets Torres, Juan (Oct 29)
- Re: Automatic Password Resets Steve Schuster (Oct 30)
- Re: Automatic Password Resets Mclaughlin, Kevin (mclaugkl) (Oct 30)