Educause Security Discussion mailing list archives

Re: Authentication of remote users

From: Chris Vakhordjian <chrisv () MAIL UCF EDU>
Date: Thu, 3 Jan 2008 16:00:19 -0500

Does anyone have a formal written policy or procedure they would like to share with everyone?

Thanks,


Chris Vakhordjian
Information Security Officer
UCF Computer Services & Telecommunications
www.infosec.ucf.edu
chrisv () mail ucf edu

Tom Peterson <Tom.Peterson () UNI EDU> 1/3/2008 3:32 PM >>>

We email or FAX for information..... then use our discretion.
-----------------------------------------------------------------------
Please supply the following information so that I can verify your
identity.  Once I receive this information I will reset your password
and send you the login information. 

University ID#
Username
Home Address
Local Address
Major
date of birth
name of High School attended
*Your name (First,Last)

*Required information

You must correctly match a minimum of four in order to get your
password reset.

----------------------------------------------------

Hope this is what you're looking for.

Tom

=======================================================================
   _/    _/   _/      _/  _/_/_/ | Tom Peterson  ITS - User Services
  _/    _/   _/_/  _/_/    _/    | Director, User Services
 _/    _/   _/  _/  _/    _/     | 36 ITTC (former East Gym)
_/   _/   _/    _/_/    _/       | Cedar Falls, IA 50614-0522
 _/_/_/   _/      _/  _/_/_/     | (319) 273-6460  fax: (319) 273-7518
                                 | Home Email: TomC.Peterson () gmail com 
  University of Northern Iowa    | WWW:    http://www.uni.edu/peterson 
  Email: Tom.Peterson () uni edu    | 
             WebAlbum: http://picasaweb.google.com/tomc.peterson 
=======================================================================



Gary Flynn said the following on 1/3/2008 11:40 AM:



Lets say you have a user that:

1) forgot their password
2) forgot their answers to their secret question(s)
3) is traveling making visiting the helpdesk impossible

Lets also say asking for last four digits of SSN is
not allowed.

How do you authenticate the identity of the user and
allow them to change their password?

Current thread:

Re: Authentication of remote users, (continued)
- Re: Authentication of remote users Bob Bayn (Jan 03)
- Re: Authentication of remote users Scott Fendley (Jan 03)
- Re: Authentication of remote users Kees Leune (Jan 03)
- Re: Authentication of remote users Christopher Webber (Jan 03)
- Re: Authentication of remote users Dave Mueller (Jan 03)
- Re: Authentication of remote users Hunt,Keith A (Jan 03)
- Re: Authentication of remote users Andrea Beesing (Jan 03)
- Re: Authentication of remote users Robert Paterson (Jan 03)
- Re: Authentication of remote users Scott Koger (Jan 03)
- Re: Authentication of remote users Tom Peterson (Jan 03)
- Re: Authentication of remote users Chris Vakhordjian (Jan 03)
- Re: Authentication of remote users Joel Rosenblatt (Jan 03)
- Re: Authentication of remote users Roger Safian (Jan 03)
- Re: Authentication of remote users charlie derr (Jan 03)
- Re: Authentication of remote users Roger Safian (Jan 03)
- Re: Authentication of remote users Cal Frye (Jan 03)
- Re: Authentication of remote users Doug Markiewicz (Jan 04)
- Re: Authentication of remote users Doug Markiewicz (Jan 04)
- Re: Authentication of remote users Gary Flynn (Jan 04)
- Re: Authentication of remote users Hunt,Keith A (Jan 04)
- Re: Authentication of remote users Joel Rosenblatt (Jan 04)

(Thread continues...)