Educause Security Discussion mailing list archives

Challenge/response questions?

From: "Witmer, Robert" <r.witmer () SNHU EDU>
Date: Fri, 10 Apr 2009 13:57:31 -0400

There must be a better way!  We have a customized single sign on solution and are looking at self service password 
resets from a web page.  Everything after authentication has been worked out.  Currently we are thinking of using 
challenge/response type questions to verify account ownership.  However, either most of the information is available on 
line (mother's maiden name = genealogy sites) or includes personally identifying information (SSN last 4) that we don't 
collect and don't want to use.

Anyone have a better idea?  If not, anyone have better challenge/response questions?

Regards,
Bob

Current thread:

Challenge/response questions? Witmer, Robert (Apr 10)
- <Possible follow-ups>
- Re: Challenge/response questions? Mike Waller (Apr 10)
- Re: Challenge/response questions? Bob Bayn (Apr 10)
- Re: Challenge/response questions? Kevin Shalla (Apr 10)
- Re: Challenge/response questions? McCrary, Barbara (Apr 10)
- Re: Challenge/response questions? j.price (Apr 10)
- Re: Challenge/response questions? Dave Ferguson (Apr 13)
- Re: Challenge/response questions? Schumacher, Adam J (Apr 13)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Gary Flynn (Apr 14)

(Thread continues...)