Educause Security Discussion mailing list archives
Re: Password - User Self Service Resets?
From: m-powe <m-powe () UMN EDU>
Date: Tue, 15 Mar 2005 10:07:07 CST
I would discourage the use of the SSN for authenticating the person or using any part of the SSN for the reset password. You can ask people to volunteer their SSN, but I do not believe you can require it for this business purpose. It's an issue for us, too, and we're moving toward collecting other data to aid in the authentication process. Mark Mark M. Powell Office of Information Technology OIT Data Security University of Minnesota 1300 S. 2nd Street, Room 548e Minneapolis, MN 55454 612-625-8598 952-237-0306 (cell) 612-625-0303 (fax) http://www.umn.edu/datasec/security Passwords are like toothbrushes--change them often and don't share them. ********** Participation and subscription information for this EDUCAUSE Discussion Group discussion list can be found at http://www.educause.edu/groups/.
Current thread:
- Re: Password - User Self Service Resets? m-powe (Mar 15)
- <Possible follow-ups>
- Re: Password - User Self Service Resets? Dick Jacobson (Mar 16)
- Re: Password - User Self Service Resets? Jimmy L. Fikes (Mar 16)
- Re: Password - User Self Service Resets? Dave Koontz (Mar 16)