Educause Security Discussion mailing list archives

Re: Enabling a job applicant to resume a submission later


From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Wed, 15 Dec 2010 21:54:00 -0600

I'm toying with some similar strategies, in re: smashing privs down on PW reset and requiring other processes to fully 
reinstate privileges.

I like collapsing username/password into an authcode.  I also like your nuance of data deletion, but am concerned about 
user experience overall.  

So many of my clever designs fail hard on the grandma scenario.  Which is a related case to the Busy Bright Young Thing 
who is our desired customer/community member in Higher Ed.

    -jml

-----Original Message-----
From: Jeffrey Schiller
Sent: 2010-12-15 19:32:07
To: Jeffrey Schiller;SECURITY () LISTSERV EDUCAUSE EDU
Cc: 
Subject: Re: [SECURITY] Enabling a job applicant to resume a submission later


One of the things that I work on at MIT is a web survey service. This
service permits people to revisit a survey and they will see their
previous answers. This is a very similar problem. Because these are
mostly "one time" surveys (we don't maintain a lasting relationship
with the people filling it out), we use an ad-hoc way of
authenticating them. In cases where we don't know who will visit, we
generate an access code that we give them (either on the first or last
page, or on both) which can be re-used to enter the same survey
instrument.

A solution I would propose for you would be to create a temporary
access code that is displayed on each page. For additional security
you can also prompt them for a user selected password (not displayed
on each page :-) ) to be used in addition to the access code. You can
then prompt them for an e-mail address to use to send a code reminder.

The trick here is that *if* they require their code mailed to them,
you remove sensitive information from their application at that time.
They then have to re-enter it when they re-visit. Some e-commerce
sites do this: when you request a password reset, your credit card
data is removed.

                -Jeff


-- 
_______________________________________________________________________
Jeffrey I. Schiller
Information Services and Technology
Massachusetts Institute of Technology
77 Massachusetts Avenue  Room N42-283
Cambridge, MA 02139-4307
617.253.0161 - Voice
jis () mit edu
http://jis.qyv.name
________________________________________________________________________
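The scheme Jeff sketches above (a random access code shown on every page, an optional password that is not shown, and a "mail me my code" path that first strips the sensitive answers), and John's "smash privileges on reset, make them re-earn access" idea, worked through as an added example. This is not code from MIT's survey service, from John's system, or from anywhere else in this thread. The field names in SENSITIVE_FIELDS, the 12-character code length, the PBKDF2 work factor and the in-memory "outbox" standing in for the mail system are all assumptions. It departs from the message in one deliberate way: because only a salted hash of the code is stored, the reminder cannot re-send the old code, so it issues a fresh one and retires the old, which is also how the password-reset analogy works.

```python
"""Resumable submissions with a displayed access code, an optional password,
and a 'mail me my code' path that scrubs sensitive answers first.

Added example; not the survey service or any code from the thread."""
from __future__ import annotations

import hashlib
import hmac
import secrets
import string
from dataclasses import dataclass, field

# Code alphabet that survives being read off a screen and retyped: no 0/O, 1/I/L.
CODE_ALPHABET = "".join(c for c in string.ascii_uppercase + string.digits if c not in "0O1IL")
CODE_LENGTH = 12                 # assumed: 31**12 is about 2**59 possible codes
PBKDF2_ROUNDS = 100_000          # assumed work factor for the stored hashes
# Assumed set of answers that must be re-entered after a code reminder.
SENSITIVE_FIELDS = frozenset({"ssn", "date_of_birth", "bank_account"})


def new_access_code() -> str:
    return "".join(secrets.choice(CODE_ALPHABET) for _ in range(CODE_LENGTH))


def stretch(secret: str, salt: bytes) -> bytes:
    """Salted, stretched hash. Only hashes are stored, so a copied table does
    not yield working codes or the applicants' chosen passwords."""
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, PBKDF2_ROUNDS)


@dataclass
class Application:
    email: str
    code_salt: bytes
    code_hash: bytes
    pw_salt: bytes
    password_hash: bytes | None            # None when the applicant skipped the password
    answers: dict = field(default_factory=dict)
    needs_reentry: set = field(default_factory=set)


class SubmissionStore:
    def __init__(self) -> None:
        self.apps: dict[str, Application] = {}
        self.outbox: list[tuple[str, str]] = []   # constructed stand-in for the mail system

    def create(self, email: str, password: str | None = None) -> tuple[str, str]:
        """Start a submission. Returns (application_id, access_code); the page
        shows the code on every screen, the password is never displayed."""
        app_id = secrets.token_urlsafe(8)
        code = new_access_code()
        code_salt, pw_salt = secrets.token_bytes(16), secrets.token_bytes(16)
        self.apps[app_id] = Application(
            email=email,
            code_salt=code_salt, code_hash=stretch(code, code_salt),
            pw_salt=pw_salt,
            password_hash=stretch(password, pw_salt) if password else None,
        )
        return app_id, code

    def _authenticate(self, app_id: str, code: str, password: str | None) -> Application | None:
        app = self.apps.get(app_id)
        if app is None:
            return None
        ok = hmac.compare_digest(app.code_hash, stretch(code, app.code_salt))
        if app.password_hash is not None:
            ok &= hmac.compare_digest(app.password_hash, stretch(password or "", app.pw_salt))
        return app if ok else None

    def save(self, app_id: str, code: str, answers: dict, password: str | None = None) -> bool:
        """Store answers; anything re-entered drops off the re-entry list."""
        app = self._authenticate(app_id, code, password)
        if app is None:
            return False
        app.answers.update(answers)
        app.needs_reentry.difference_update(answers)
        return True

    def resume(self, app_id: str, code: str, password: str | None = None) -> tuple[dict, set] | None:
        """Returns (saved answers, fields to re-enter), or None on a bad code/password."""
        app = self._authenticate(app_id, code, password)
        if app is None:
            return None
        return dict(app.answers), set(app.needs_reentry)

    def request_code_reminder(self, app_id: str) -> bool:
        """Whoever controls the mailbox can now get in, so the sensitive
        answers are dropped first. Because only a hash of the code is stored,
        a fresh code is issued and mailed; the old one stops working."""
        app = self.apps.get(app_id)
        if app is None:
            return False
        for name in SENSITIVE_FIELDS.intersection(app.answers):
            del app.answers[name]
            app.needs_reentry.add(name)
        code = new_access_code()
        app.code_salt = secrets.token_bytes(16)
        app.code_hash = stretch(code, app.code_salt)
        self.outbox.append((app.email, f"Your access code is {code}"))
        return True


if __name__ == "__main__":
    store = SubmissionStore()
    app_id, code = store.create("applicant@example.edu", password="hunter2")
    store.save(app_id, code, {"name": "A. Applicant", "ssn": "000-00-0000"}, "hunter2")
    store.request_code_reminder(app_id)
    mailed = store.outbox[-1][1].rsplit(" ", 1)[1]
    print(store.resume(app_id, mailed, "hunter2"))   # SSN gone, listed for re-entry
```

The two pieces that matter for the "grandma scenario" are visible in the return values: after a reminder, `resume` still hands back the harmless answers, so the applicant does not start over, while the set of fields to re-enter tells the front end exactly which pages to put back in front of them. Keeping the password optional is what makes the access code alone a usable credential for people who will never remember a second secret.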

