Educause Security Discussion mailing list archives
Self-service password change authentication criteria
From: Rob Tanner <rtanner () LINFIELD EDU>
Date: Mon, 19 Oct 2009 15:32:36 -0700
Hi, When a student, staff or faculty member has either forgotten their password or failed to change it by the expiry deadline, we have been using mother¹s maiden name and SSN for authentication. Unfortunately, not all students have an SSN on file and we want to get away from using the SSN even if they did. What criteria are schools that do self-service using? We¹ve thought about looking for other pieces of information we already have on file that the user is likely to remember about him or herself and we¹ve also thought about using the two secret questions technique. Are there other methods in common use? What is considered best practice in higher education? Thanks, Rob Rob Tanner UNIX Services Manager Linfield College, McMinnville Oregon
Current thread:
- Self-service password change authentication criteria Rob Tanner (Oct 19)
- <Possible follow-ups>
- Re: Self-service password change authentication criteria Basgen, Brian (Oct 19)
- Re: Self-service password change authentication criteria Gary Dobbins (Oct 19)