Educause Security Discussion mailing list archives

Re: Automatic Password Resets


From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Tue, 30 Oct 2007 10:58:51 -0400

We are doing the same thing as Steve describes but are using Novell as our
password policy check, password safe and container of secret answer.



-Kevin





Kevin L. McLaughlin

CISM, CISSP, PMP, ITIL Master Certified

Director, Information Security

University of Cincinnati

513-556-9177 (w)

513-703-3211 (m)

513-558-ISEC (department)














From: Steve Schuster [mailto:sjs74 () CORNELL EDU]
Sent: Tuesday, October 30, 2007 9:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Automatic Password Resets



Connie,



We are just now rolling out an on-line password reset feature.
We are asking people to establish a shared secret mechanism much in the way
eBay and others do it.  On our password management page there is an area
that will allow people to choose questions they want to answer.  When they
need to reset their password they are able to answer this page and answer
the questions they are prompted for.



The process and application are home-grown and we're just now
starting to roll it out across campus.



sjs



Steve Schuster

Director, IT Security Office

Cornell University

sjs74 () cornell edu











On Oct 29, 2007, at 5:06 PM, Sadler, Connie wrote:





Is anyone doing automatic password resets? We're interested in minimizing
the numbers of calls in to our Help Desk - especially for the many
applicants who forget how to access our application initially - to get
started with Brown.



I know there are commercial products out there; do any of you have some
positive experience to share about what works for you - and if you use
something home-grown, I'd be interested in hearing about that as well.



Thanks much!



Connie



Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC

IT Security Officer, Brown University

Campus Box 1885, Providence, RI 02912

Connie_Sadler () Brown edu,  Office: 401-863-7266

PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB

PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB


