Educause Security Discussion mailing list archives
Re: Password hints
From: Darren Schell <darren.schell () ULETH CA>
Date: Mon, 15 Dec 2008 14:29:32 -0700
I ran across this site a few months back -- it describes an alternative approach that attempts to address the weaknesses of standard "secret questions" schemes. They've done some research on the problem and arrived at a scheme that involves collecting a list of things the user likes and dislikes:
http://www.ravenwhite.com/iforgotmypassword.html You can try out the demo here: http://blue-moon-authentication.com/ There's also a Google TechTalk on the subject: http://www.youtube.com/watch?v=pypFzJmgPhg&feature=user Darren Schell Information Security Manager Department of Information Technology University of Lethbridge On 12-Dec-08, at 2:26 PM, Stewart, Ian wrote:
Does anyone have advice for what sort of questions might be allowable or wise to use for password challenge-response in the event someone forgets their password? I think recent guidelines have ruled out using your mother’s maiden name and other old standards.How have you handled this at your campus? Thanks, Ian
Attachment:
smime.p7s
Description:
Current thread:
- Re: Password hints, (continued)
- Re: Password hints Strzelec, Wally (Dec 12)
- Re: Password hints Brian Kaye (Dec 12)
- Re: Password hints Zach Jansen (Dec 12)
- Re: Password hints Russell Fulton (Dec 14)
- Re: Password hints Wayne Samardzich (Dec 14)
- Re: Password hints Brian Kaye (Dec 14)
- Re: Password hints Roger Safian (Dec 15)
- Re: Password hints Gary Flynn (Dec 15)
- Re: Password hints Cal Frye (Dec 15)
- Re: Password hints Adam Schumacher (Dec 15)
- Re: Password hints Darren Schell (Dec 15)