Educause Security Discussion mailing list archives
Re: Challenge/response questions?
From: "j.price" <j.price () DOMAIL MARICOPA EDU>
Date: Fri, 10 Apr 2009 17:37:20 -0700
Also remember that people are getting smarter and they don't answer the questions with the real information. I created standard answers to the questions that are asked most frequently and they have nothing to do with anything that can be associated with me. I encourage others to do the same.
Janet
Mike Waller wrote:
Many solutions these days let you build up a bank of standardized questions and then you ask the users to provide answers to five or so. This will sometimes include questions like mother's maiden, but when the users are asked to verify their identity, the tool will present them with a random sampling of 3 of their questions. In that case, knowing the answer to a couple of the questions doesn't necessarily get someone else into the account.
On Fri, Apr 10, 2009 at 1:57 PM, Witmer, Robert <r.witmer () snhu edu> wrote:
There must be a better way! We have a customized single sign on solution and are looking at self service password resets from a web page. Everything after authentication has been worked out. Currently we are thinking of using challenge/response type questions to verify account ownership. However, either most of the information is available on line (mother’s maiden name = genealogy sites) or includes personally identifying information (SSN last 4) that we don’t collect and don’t want to use.
Anyone have a better idea? If not, anyone have better challenge/response questions?
Regards,
Bob
--
Janet Price
Information Technology Services
Maricopa Community Colleges
2419 W 14th St
Tempe Arizona, 85281
(480)731-8730
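An added example, not part of the original thread or of any product mentioned in it: a sketch of the scheme discussed above (enroll five answers, ask a random three), with a calculation of how often an outsider who already knows some of the answers would pass. The question IDs, sample answers, function names and PBKDF2 settings are assumptions made for illustration.

```python
import hashlib, hmac, secrets, unicodedata
from math import comb

# Constructed sample enrollment: five answers from a standardized question bank.
SAMPLE_ANSWERS = {"q_maiden": "Purple Tractor", "q_pet": "zx-Harbor-19",
                  "q_school": "north of nowhere", "q_city": "Teacup", "q_car": "lantern 42"}

def normalize(answer):
    """Compare answers without regard to case, Unicode form, or spacing."""
    return " ".join(unicodedata.normalize("NFKC", answer).casefold().split())

def _digest(answer, salt):
    # Iteration count is an assumption for this sketch; tune it for your hardware.
    return hashlib.pbkdf2_hmac("sha256", normalize(answer).encode(), salt, 100_000)

def enroll(answers):
    """Keep a salted slow hash per answer, never the answer text."""
    stored = {}
    for qid, answer in answers.items():
        salt = secrets.token_bytes(16)
        stored[qid] = (salt, _digest(answer, salt))
    return stored

def pick_challenge(stored, asked=3):
    """Draw the questions once per reset request and pin them to that request."""
    return secrets.SystemRandom().sample(sorted(stored), asked)

def verify(stored, challenge, responses):
    """Require every sampled question to match; check all before deciding."""
    ok = True
    for qid in challenge:
        salt, digest = stored[qid]
        ok &= hmac.compare_digest(_digest(responses.get(qid, ""), salt), digest)
    return ok

def pass_probability(enrolled=5, asked=3, known=2):
    """Chance that one random draw contains only answers an outsider knows."""
    return comb(known, asked) / comb(enrolled, asked)

def pass_probability_resampled(draws, enrolled=5, asked=3, known=3):
    """Same chance if a fresh sample is drawn on each of `draws` attempts."""
    return 1 - (1 - pass_probability(enrolled, asked, known)) ** draws

if __name__ == "__main__":
    for known in range(6):
        print(known, pass_probability(known=known),
              round(pass_probability_resampled(10, known=known), 3))
```

With two of five answers known, a single draw of three can never be passed; with three known the chance is 10%, and it rises to about 65% over ten attempts if the sample is redrawn each time, which is why the draw is pinned to the request and attempts are limited.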