Re: AD self service password reset ?

["Schumacher, Adam J." <adamschumacher () CREIGHTON EDU>]

We have a web-based self-service tool that I wrote and is integrated
with our self-service account management tools to allow users to reset
their own passwords.  It works similarly to some of the products others
have mentioned in that a user has to set up security questions, as well
as provide an alternate contact mechanism (cell phone or non-university
email).  When the user needs to reset his password, he answers the
questions and then a security code is sent via SMS or email to the
alternate contact.  The user then enters that number and is able to set
his own password.  

We have this system tied into the account creation/activation in that
any new student/faculty/staff/guest has to create this "security
profile" before being able to use her account for the first time.   It
works pretty well except for those people who aren't relatively new
and/or haven't set up their profile yet.  Nor does it work well for the
people who just want to call in.  We are still struggling with finding a
good way to validate a user's identity over the phone as there doesn't
seem to be a consistent set of data across all our users.....

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Witmer, Robert
> Sent: Monday, March 07, 2011 09:43
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] AD self service password reset ?
>
> Anyone using a (shrink wrapped) AD self service password reset utility
for
> student, staff, & faculty accounts that would be willing to share
experiences,
> thoughts, etc?  Does it work with single sign on?  If so, home grown
or shrink
> wrapped?  Please contact me off-list if desired.
>
> Regards,
> Bob
>
>
>
> r.witmer () snhu edu
>
>
> Please consider the environment before printing this e-mail.