Educause Security Discussion mailing list archives
Re: Self Service Password Reset
From: Andrew Calcutt <acalcutt () WORCESTER EDU>
Date: Wed, 4 Feb 2009 14:32:04 -0500
We currently have a web based password reset form. We have a single sign on environment(using active directory). To reset a password the user either needs their old username and password or they can enter some information (ID#, Last four digits of SSN, and Date of birth). If the users password has already expired they have to use the information(ID#, Last four digits of SSN, and Date of birth) method. We use ID, SSN and DOB because it is information that is taken in on registration(We considered using security question but to do that we would first need to collect all that information) We have a policy in place that we are not allowed to give out passwords(or reset them) over the phone, so if a user is unable to log on they can either come to our helpdesk to get the password reset or have their password snail mailed to them. We are also using gmail for our students. When a user sets their password using the webform it changes it in active directory and also uses the gmail API to change their password on gmail(used for imap, pop, chat, etc) Hope this helps. Andrew Calcutt Information Technologies Worcester State College
Current thread:
- Self Service Password Reset Di Fabio, Andrea (Feb 04)
- <Possible follow-ups>
- Re: Self Service Password Reset Cal Frye (Feb 04)
- Re: Self Service Password Reset Andrew Calcutt (Feb 04)
- Re: Self Service Password Reset Schumacher, Adam J (Feb 05)