Educause Security Discussion mailing list archives
Authorizing password changes in a health science center
From: David Grisham <DGrisham () SALUD UNM EDU>
Date: Tue, 13 Feb 2007 13:40:21 -0700
The hospital has for a long time required a facsimile of the identification badge each time a password change is requested. It is a new century end programs like Photoshop presented a new risk to that process. We do not want to ask for personal information on any email or phone call request. (Our staff could be around others who might take advantage of that information, if overheard) We have added password challenge questions for half of our systems. The patient systems cannot be placed into a web page challenge at this time. What do your account groups do to verify the identity of some one needing a password change to systems with confidential information? Cheers. -grish David D. Grisham, Ph.D., CISM, CHS, CHSP Manager, IT Security, UNM Hospitals, Information Technology 1650 University Blvd, S.500, Albuquerque, NM 87102 Ph: (505) 272-5657 FAX 272-3305 Work email: dgrisham () salud unm edu Adjunct Faculty, Computer Science, UNM Academic & personal email: dave () unm edu
Current thread:
- Authorizing password changes in a health science center David Grisham (Feb 13)
- <Possible follow-ups>
- Re: Authorizing password changes in a health science center Penn, Blake (Feb 13)
- Re: Authorizing password changes in a health science center Steve Devoti (Feb 13)