Educause Security Discussion mailing list archives

Re: Challenge/response questions?


From: "McCrary, Barbara" <bmccrary () OGSLP ORG>
Date: Fri, 10 Apr 2009 17:48:58 -0500

I like ones like What is your favorite hobby, your favorite sport, your
favorite type of music, your favorite ice cream flavor, color, etc.




-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kevin Shalla
Sent: Friday, April 10, 2009 3:46 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Challenge/response questions?

Something that can be useful to ask is some information on academic
data, like Who are all your professors this term?
What was your ACT score?
Who submitted a letter of recommendation for admission?

Of course this depends upon access to this information in some campus
database.

At 12:57 PM 4/10/2009, Witmer, Robert wrote:
There must be a better way!  We have a customized single sign on 
solution and are looking at self service password resets from a web 
page.  Everything after authentication has been worked out.  Currently 
we are thinking of using challenge/response type questions to verify 
account ownership.  However, either most of the information is
available on line (mother's maiden name = genealogy sites) or includes
personally identifying information (SSN last 4) that we don't collect
and don't want to use.

Anyone have a better idea?  If not, anyone have better 
challenge/response questions?

Regards,
Bob
