Educause Security Discussion mailing list archives
Re: Automatic Password Resets
From: "Mclaughlin, Kevin (mclaugkl)" <mclaugkl () UCMAIL UC EDU>
Date: Tue, 30 Oct 2007 10:58:51 -0400
We are doing the same thing as Steve describes but are using Novell as our password policy check, password safe and container of secret answer. -Kevin Kevin L. McLaughlin CISM, CISSP, PMP, ITIL Master Certified Director, Information Security University of Cincinnati 513-556-9177 (w) 513-703-3211 (m) 513-558-ISEC (department) UC-Logo-800 CONFIDENTIALITY NOTICE: This e-mail message and its content is confidential, intended solely for the addressee, and may be legally privileged. Access to this message and its content by any individual or entity other than those identified in this message is unauthorized. If you are not the intended recipient, any disclosure, copying or distribution of this e-mail may be unlawful. Any action taken or omitted due to the content of this message is prohibited and may be unlawful. From: Steve Schuster [mailto:sjs74 () CORNELL EDU] Sent: Tuesday, October 30, 2007 9:21 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Automatic Password Resets Connie, We are just now rolling out an on-line password reset feature. We are asking people to establish a shared secret mechanism much in the way eBay and others do it. On our password management page there is an area that will allow people to choose questions they want to answer. When they need to reset their password they are able to answer this page and answer the questions they are prompted for. In process and application is home-grown and we're just now starting to roll it out across campus. sjs Steve Schuster Director, IT Security Office Cornell University sjs74 () cornell edu On Oct 29, 2007, at 5:06 PM, Sadler, Connie wrote: Is anyone doing automatic password resets? We're interested in minimizing the numbers of calls in to our Help Desk - especially for the many applicants who forget how to access our application initially - to get started with Brown. I know there are commercial products out there; do any of you have some positive experience to share about what works for you - and if you use something home-grown, I'd be interested in hearing about that as well. Thanks much! Connie Connie J. Sadler, CM, CISSP, CISM, GIAC GSLC IT Security Officer, Brown University Campus Box 1885, Providence, RI 02912 Connie_Sadler () Brown edu, Office: 401-863-7266 PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get <http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x91E38EFB> &search=0x91E38EFB PGP Fingerprint: DA5F ED84 06D7 1635 4BC7 560D 9A07 80BA 91E3 8EFB
Attachment:
smime.p7s
Description:
Current thread:
- Automatic Password Resets Sadler, Connie (Oct 29)
- <Possible follow-ups>
- Re: Automatic Password Resets Torres, Juan (Oct 29)
- Re: Automatic Password Resets Steve Schuster (Oct 30)
- Re: Automatic Password Resets Mclaughlin, Kevin (mclaugkl) (Oct 30)