Educause Security Discussion mailing list archives
Challenge Questions
From: Lynn Dorendorf <Lynn.Dorendorf () EMICH EDU>
Date: Thu, 18 Jan 2007 15:47:34 -0500
At Eastern Michigan University we have implemented an Identity Management System that allows self serve password reset using Challenge Questions. The problems is that our help desk staff is still getting a large number of passwords resets. To set up the challenge questions, we have three administrative questions and two user supplied questions. In order to reset your password you must answer one administrative questions and one user question correctly. We have taken the approach that the administrative questions must be something that the student's parents would not know so they needed to be a little vague (Industry challenge question might be: What is your birth date? Our questions What is a memorable date for you?) Our questions are: 1) Do you use Challenge Questions? If so what are they and how many do students need to answer correctly? 2) Were your challenge questions designed with the intent that the student only (not parents) should know the answers? 3) How successful are you at having students use Challenge Questions to reset their passwords? 4) If you do not use Challenge Questions, what other methods are you using to reset passwords? Lynn Dorendorf Director IT Security Eastern Michigan University 734.487.0101
Current thread:
- Challenge Questions Lynn Dorendorf (Jan 18)