Educause Security Discussion mailing list archives

Re: Password - User Self Service Resets?


From: "Lucas, Bryan" <b.lucas () TCU EDU>
Date: Thu, 17 Mar 2005 11:12:35 -0600

No problem, use:

UID: zblucas2
PW: tcu.edu99

Just re-enroll the account and pick new questions, let me know when
you're done.

Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Boniforti -
Lynn University
Sent: Thursday, March 17, 2005 11:08 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password - User Self Service Resets?

Hi Bryan

Thanks...I will have my team look at it...may save time...let me know if
I can have a guest or test account

Christian Boniforti
Director of Information Technology
Lynn University
3601 N. Military Trail
Boca Raton, FL 33431
(O) 561.237.7163
(F) 561.237.7115
(C) 561.703.6130

-----Original Message-----
From: Lucas, Bryan [mailto:b.lucas () TCU EDU] 
Sent: Monday, March 14, 2005 10:06 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password - User Self Service Resets?

Christian, 

Really, I don't work on commission for Anixis, but it was very
inexpensive. For that price versus in-house development (and we do a lot
of dev work), it just made more sense to purchase it.  It couldn't have
been any easier to implement.  Just trying to save you some time.  

Bryan Lucas
Server Administrator
Texas Christian University
(817) 257-6971

-----Original Message-----
From: The EDUCAUSE Security Discussion Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Chris Boniforti -
Lynn University
Sent: Monday, March 14, 2005 5:10 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Password - User Self Service Resets?

Dave,

We are looking to build something similar for our students.  We are
going to build it against a Windows 2003 domain.  We are adding custom
fields or attributes to 2003, such as DOB and Student ID.

We are going to ask for FirstName, LastName, DOB, and Student ID.  We
will display the student's NetID (we use FirstInitial+FullLastName; if
dups occur we add N+1 at the end of NetID) and email address.  At this
time we will allow the student to create a password as well as a security
clue.  We will ask them to pick from three questions:

1.  What is mother's maiden name?
2.  What is pet's name?
3.  What is city of birth?

This will be used to reset password....I will let you know how it
goes...we are looking to deploy this for Summer 2005

Christian Boniforti
Director of Information Technology
Lynn University
3601 N. Military Trail
Boca Raton, FL 33431
(O) 561.237.7163
(F) 561.237.7115
(C) 561.703.6130

-----Original Message-----
From: Dave Koontz [mailto:dkoontz () MBC EDU] 
Sent: Monday, March 14, 2005 2:14 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password - User Self Service Resets?

We have been asked to explore and evaluate programs which provide users
with a "Self Service" password reset mechanism via a Web Page.  This is
because of an increasing number of our students who either forget their
passwords, or set their browser to "remember" their password and don't
have a clue what it is when change time comes, causing more and more
work for our helpdesk.

Has anyone written such a Web Program for allowing users to reset their
own passwords against a Windows 2003 AD Domain that they could share?
Retail products seem to be extremely over-priced.  If you have found a
reasonably priced, well designed retail product please share any details.

Also, it has been suggested that the only information we need to collect
from a user via a web form to reset their account is the Network
UserName, College ID Number and the last 4 digits of their social
security numbers.  This concerns me because all the information
necessary to reset a password is in a user's wallet / purse, which of
course could be lost.  Also, this information is readily available to
any of our faculty and staff via our Administrative software.  Do any of
you reset passwords with only this data?

Would anyone be willing to share what they believe should be the MINIMUM
Data collection requirements?  And how do you force users to go through
a registration process to populate the Password Reset system?  I would
like to go to management with some 'from the field' reports of what
others are doing.

Thanks in Advance!

---
Dave Koontz
Associate Director, CIS
Mary Baldwin College
Staunton, VA

**********
Participation and subscription information for this EDUCAUSE Discussion
Group discussion list can be found at http://www.educause.edu/groups/.
