Educause Security Discussion mailing list archives

Re: Challenge/response questions?


From: "j.price" <j.price () DOMAIL MARICOPA EDU>
Date: Fri, 10 Apr 2009 17:37:20 -0700

Also remember that people are getting smarter and they don't answer the questions with the real information. I created standard answers to the questions that are asked most frequently and they have nothing to do with anything that can be associated with me. I encourage others to do the same.

Janet

Mike Waller wrote:
Many solutions these days let you build up a bank of standardized questions and then you ask the users to provide answers to five or so. This will sometimes include questions like mother's maiden, but when the users are asked to verify their identity, the tool will present them with a random sampling of 3 of their questions. In that case, knowing the answer to a couple of the questions doesn't necessarily get someone else into the account.

On Fri, Apr 10, 2009 at 1:57 PM, Witmer, Robert <r.witmer () snhu edu> wrote:

    There must be a better way!  We have a customized single sign on
    solution and are looking at self service password resets from a
    web page.  Everything after authentication has been worked out.
    Currently we are thinking of using challenge/response type
    questions to verify account ownership.  However, either most of
    the information is available on line (mother’s maiden name =
    genealogy sites) or includes personally identifying information
    (SSN last 4) that we don’t collect and don’t want to use.
    Anyone have a better idea?  If not, anyone have better
    challenge/response questions?

    Regards,
    Bob


--
Janet Price
Information Technology Services
Maricopa Community Colleges
2419 W 14th St
Tempe Arizona, 85281
(480)731-8730


