Educause Security Discussion mailing list archives
Re: Enabling a job applicant to resume a submission later
From: John Ladwig <John.Ladwig () CSU MNSCU EDU>
Date: Wed, 15 Dec 2010 21:54:00 -0600
I'm toying with some similar strategies, in re: smashing privs down on PW reset and requiring other processes to fully reinstate privileges. I like collapsing username/password into an authcode. I also like your nuance of data deletion, but am concerned about user experience overall. So many of my clever designs fail hard on the grandma scenario. Which is a related case to the Busy Bright Young Thing who is our desired customer/community member in Higher Ed. -jml -----Original Message----- From: Jeffrey Schiller Sent: 2010-12-15 19:32:07 To: Jeffrey Schiller;SECURITY () LISTSERV EDUCAUSE EDU Cc: Subject: Re: [SECURITY] Enabling a job applicant to resume a submission later One of the things that I work on at MIT is a web survey service. This service permits people to revisit a survey and they will see their previous answers. This is a very similar problem. Because these are mostly "one time" surveys (we don't maintain a lasting relationship with the people filling it out), we use an ad-hoc way of authenticating them. In cases where we don't know who will visit, we generate an access code that we give them (either on the first or last page, or on both) which can be re-used to enter the same survey instrument. A solution I would propose for you would be to create a temporary access code that is displayed on each page. For additional security you can also prompt them for a user selected password (not displayed on each page :-) ) to be used in addition to the access code. You can then prompt them for an e-mail address to use to send a code reminder. The trick here is that *if* they require their code mailed to them, you remove sensitive information from their application at that time. They then have to re-enter it when they re-visit. Some e-commerce sites do this, when you request a password reset, your credit card data is removed. -Jeff -- _______________________________________________________________________ Jeffrey I. Schiller Information Services and Technology Massachusetts Institute of Technology 77 Massachusetts Avenue Room N42-283 Cambridge, MA 02139-4307 617.253.0161 - Voice jis () mit edu http://jis.qyv.name ________________________________________________________________________
Current thread:
- Enabling a job applicant to resume a submission later Clifford Collins (Dec 15)
- Re: Enabling a job applicant to resume a submission later Julian Y. Koh (Dec 15)
- Re: Enabling a job applicant to resume a submission later Flynn, Gary - flynngn (Dec 15)
- Re: Enabling a job applicant to resume a submission later John Ladwig (Dec 15)
- Re: Enabling a job applicant to resume a submission later Allison F Dolan (Dec 15)
- Re: Enabling a job applicant to resume a submission later John Ladwig (Dec 15)
- Re: Enabling a job applicant to resume a submission later Jeffrey Schiller (Dec 15)
- Re: Enabling a job applicant to resume a submission later Russell Fulton (Dec 20)
- <Possible follow-ups>
- Re: Enabling a job applicant to resume a submission later John Ladwig (Dec 15)
- Re: Enabling a job applicant to resume a submission later Clifford Collins (Dec 16)