Security Basics mailing list archives

FW: Self Service Password Resets


From: kevin fielder <kevin.fielder () gmail com>
Date: Wed, 8 Apr 2009 00:23:30 +0100

Hi Josh

Depending on your budget, I would take a look at Citrix Password
Manager.  We recently evaluated this product and it likely meets your
needs.  Users can be allowed to reset their passwords based on
answering a selection of pre-answered questions (e.g. mother's maiden
name, first pet or whatever).  You can configure the system to ask as
many or few of these questions, they can be set or the users can
choose the questions they want from a list etc.

The application does quite a bit more including allowing single sign
on to most applications etc so may be more than you need, but we found
it worked very well and was relatively easy to configure in our
environment.

Just for clarity - I am in no way associated with Citrix or this
product, this is purely based on our recent evaluation of the product
:)

cheers

K



-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Siscar, Emerson E.
Sent: 07 April 2009 03:48
To: Mailvaganam, Hari; Campbell, Josh; security-basics () securityfocus com
Subject: RE: Self Service Password Resets

Hi,

You may also want to evaluate/consider Protocom SSPR. For our
university, we developed our own self service password reset to reduce
support requests.

Thanks

Emerson E. Siscar
External Operations Group Head
IT Center

For technical questions and concerns, contact ITC Service Desk at the following:

DLS-CSB Taft: 5267441 loc 272
DLS-CSB SDA: 5366752 loc 272
DLS-CSB AKIC: 5238888 loc 272
email: helpdesk () dls-csb edu ph

"ITC is a group of highly specialized IT professionals committed to
provide quality facilities and services to enhance the administrative
and learning operations of the College."

-----Original Message-----
From: listbounce () securityfocus com
[mailto:listbounce () securityfocus com] On Behalf Of Mailvaganam, Hari
Sent: Friday, April 03, 2009 2:08 AM
To: Campbell, Josh; security-basics () securityfocus com
Subject: RE: Self Service Password Resets


Hi Josh:

Suggestion:

Account holders could answer challenge questions online prior to
granting privilege to reset password. Depending on your security level
the type and number of challenge questions can be varied. Some
institutions require RSA keyfobs (potentially costly; maybe restricted
to subset of users).


Best regards,


Hari

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Campbell, Josh
Sent: March 31, 2009 7:46 AM
To: 'security-basics () securityfocus com'
Subject: Self Service Password Resets

Hello list,

I work for a public university and my manager has asked me to look
into a self service password reset solution.  We have many employees
that do not work on campus or even in the same state (adjunct
professors).
Currently when they forget their password we have them go through
several hoops to get their password reset, including faxing over some
ID and having their department head contact us.  This was originally
designed to be a hassle in hopes that we wouldn't get very many
"repeat customers" for forgetting their passwords.

Anywho, I was wondering what solutions other people out there are
using for this type of thing?  Ideally we would like something that a
user could go to from their web browser at home or any computer not on
our network and they would be forced to answer a series of challenge
questions (I know this brings up the point of them forgetting the
challenge questions too but let's not even go there).  We use MS
Active Directory so that would also be a requirement for the solution.

Thanks in advance!

-Josh C

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this fiscal
year? Check out the online information security courses available at
InfoSec Institute. More than a boring "talking head", train in our
virtual labs for a total hands-on training experience. Get the certs
you need: CEH, CPT, CEPT, CISA, CISSP, CISM

http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------





------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

Need to pass the CISSP? InfoSec Institute's CISSP Boot Camp in both
Instructor-Led and Online formats is the most concentrated exam prep
available. Comprehensive course materials and an expert instructor
means you pass the exam. Gain a laser like insight into what is
covered on the exam, with zero fluff!

http://www.infosecinstitute.com/courses/cissp_bootcamp_training.html
------------------------------------------------------------------------


