Educause Security Discussion mailing list archives
Re: Change Password on Next Login via Web
From: Oscar Knight <knightod () APPSTATE EDU>
Date: Wed, 27 Apr 2011 10:42:13 -0400
On 4/26/2011 9:19 PM, Matt Giannetto wrote:
Folks, We’re trying to improve our registration process via the web and are running into a roadblock. I’m hoping I can poll the group and find out how other schools are tackling this problem. ... We’re also looking for something that can help facilitate password expiration, such as emailing the user, "Your password will change in X number of days, please click here to change it". If it makes a difference, we also use Forefront Identity Management.
I don't think you want to send a link to your password management system in an email. You will be training your users to fall prey to phishing attempts. You will want your web based password management system to be well known and easily accessible from your default web pages. Train your users on how to access this facility up front. You can still send an email and you can tell them they need to visit the password management page, just don't put in a link. The following is just an idea. I welcome comments from others regarding it's sanity. With respect to your web based password management system, you could run a separate auth system. It could be anything, even ldap. You would keep this system in sync with your AD. The password management system would auth against this service. This is not simple and there are lots of potential problem areas. But it does add flexibility with respect to maintaining different states for users. I believe you get the most benefit from something like this when you have multiple other auth systems which also need syncing. Hope this helps, odk -- NOTE: ASU ITS will NEVER ask you for your password in an email! Oscar D. Knight knightod at appstate dot edu ITS Voice: 828-262-6946 Appalachian State University, Boone, NC 28608 FAX: 828-262-2236
Current thread:
- Change Password on Next Login via Web Matt Giannetto (Apr 26)
- Re: Change Password on Next Login via Web Dr. Wole Akpose (Apr 26)
- Re: Change Password on Next Login via Web Oscar Knight (Apr 27)