Educause Security Discussion mailing list archives
Re: Password Self-Service software
From: "Ness, Carl J" <carl-ness () UIOWA EDU>
Date: Thu, 12 Feb 2009 11:12:24 -0600
One thing to add to your requirements list is the ability to limit responses of these systems much like account lockout. These password reset systems are an increasingly larger target, ever since the Sara Palin Yahoo incident. Many password reset systems are more than happy to be brute-forced. Best, Carl Carl J. Ness, M.S., CISSP Senior Security Analyst CIO Office, University of Iowa -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Greg Francis Sent: Tuesday, February 10, 2009 3:18 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] Password Self-Service software Hello, We're wanting to implement a password self-service site for our users. I'm wondering what others are using. We're using AD for our back-end authentication. We have about 7500 students and employees and about 20,000 alumni accounts which receive relatively casual use. Here are the things that we're looking for: 1) Reset password using some sort of question/answer module 2) Allow pre-population of questions/answers would be desirable 3) Being able to send a one-time, expiring, password would be nice 4) Logging, logging, logging 5) We'll likely develop our own account provisioning but would like it to tie into this system for initial password connectivity 6) Enforcement of password rules 7) Notification to users when their password is about to expire I've been looking at Password Manager from Quest but would like to hear suggestions from others. Thanks, Greg Greg Francis Director, Central Computing and Network Support Services Information Technology Services Gonzaga University 509-313-6896 francis () gonzaga edu
Current thread:
- Password Self-Service software Greg Francis (Feb 10)
- <Possible follow-ups>
- Re: Password Self-Service software Christopher Jones (Feb 10)
- Re: Password Self-Service software Tupker, Mike (Feb 10)
- Re: Password Self-Service software Mark Houpt (Feb 10)
- Re: Password Self-Service software Adam Richard (Feb 10)
- Re: Password Self-Service software Dexter Caldwell (Feb 10)
- Re: Password Self-Service software Rob Whalen (Feb 10)
- Re: Password Self-Service software Rob Whalen (Feb 11)
- Re: Password Self-Service software Ness, Carl J (Feb 12)
- Re: Password Self-Service software Chancellor, Beth C. (Feb 17)
- Re: Password Self-Service software Gary Dobbins (Feb 17)
- Re: Password Self-Service software Chancellor, Beth C. (Feb 17)
- Re: Password Self-Service software Alex (Feb 17)
- Re: Password Self-Service software John Ladwig (Feb 17)
- Re: Password Self-Service software jack suess (Feb 17)