Educause Security Discussion mailing list archives

Re: Self Service Password Reset


From: Andrew Calcutt <acalcutt () WORCESTER EDU>
Date: Wed, 4 Feb 2009 14:32:04 -0500

We currently have a web-based password reset form. We have a single sign-on
environment (using Active Directory).



To reset a password the user either needs their old username and password or
they can enter some information (ID#, Last four digits of SSN, and Date of
birth). If the user's password has already expired they have to use the
information (ID#, Last four digits of SSN, and Date of birth) method. We use
ID, SSN and DOB because it is information that is taken in on registration.
(We considered using security questions, but to do that we would first need
to collect all that information.)



We have a policy in place that we are not allowed to give out passwords (or
reset them) over the phone, so if a user is unable to log on they can either
come to our helpdesk to get the password reset or have their password snail
mailed to them.



We are also using Gmail for our students. When a user sets their password
using the web form it changes it in Active Directory and also uses the Gmail
API to change their password on Gmail (used for IMAP, POP, chat, etc.).



Hope this helps.



Andrew Calcutt

Information Technologies

Worcester State College
