Educause Security Discussion mailing list archives
Re: Use of PIN for Self Service Password Reset
From: Thomas Carter <tcarter () AUSTINCOLLEGE EDU>
Date: Wed, 3 Aug 2016 20:33:34 +0000
In a past life in the corporate world, we used base 32 (https://en.wikipedia.org/wiki/Base32) for easy OCR reading. The downside is communicating this to end users (I.E. the digit 1 will never occur because it’s too similar to the letter “eye” I. Thomas Carter Network & Operations Manager Austin College From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Frank Barton Sent: Wednesday, August 3, 2016 7:29 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Use of PIN for Self Service Password Reset One Caveat that I would strongly suggest if you are using an alphanumeric PIN (and I'm not sure if you mean One-Time-Password, or a user set PIN that can be used ad-nauseam to reset) is to avoid the use of confusing characters (Il1oO0) unless you can control the interface in such a way as to make them very clearly distinct (upper case "I" having the top and bottom cross-bars, "0" having a center diagonal, etc) Frank On Wed, Aug 3, 2016 at 7:52 AM, Steve Munson <smunson () marymount edu<mailto:smunson () marymount edu>> wrote: We are moving to a use of 4 character PIN for self service password reset and am interested to see what standards others have established for PINs. For example, we are considering setting the PIN requirement to be at least 2 characters and 2 numbers. We are planning to use alphanumeric PIN instead of numeric to provide opportunity for more PIN complexity versus numeric only but interested in feedback/perspective from this group. Regards, Steve Munson Executive Director, IT Services Marymount University Arlington, Virginia -- Frank Barton ACMT IT Systems Administrator Husson University
Current thread:
- Use of PIN for Self Service Password Reset Steve Munson (Aug 03)
- Re: Use of PIN for Self Service Password Reset Frank Barton (Aug 03)
- Re: Use of PIN for Self Service Password Reset Thomas Carter (Aug 03)
- Re: Use of PIN for Self Service Password Reset Steve Munson (Aug 03)
- Re: Use of PIN for Self Service Password Reset Frank Barton (Aug 04)
- Re: Use of PIN for Self Service Password Reset Thomas Carter (Aug 03)
- Re: Use of PIN for Self Service Password Reset Frank Barton (Aug 03)