Educause Security Discussion mailing list archives
Re: Challenge/response questions?
From: Dave Ferguson <gmdavef () GMAIL COM>
Date: Mon, 13 Apr 2009 08:20:48 -0500
You might take a look at this white paper. http://www.fishnetsecurity.com/sites/com.fishnetsecurity/downloads/Forgot_Password_Best_Practices_v2.0.pdf On Fri, Apr 10, 2009 at 12:57 PM, Witmer, Robert <r.witmer () snhu edu> wrote:
There must be a better way! We have a customized single sign on solution and are looking at self service password resets from a web page. Everything after authentication has been worked out. Currently we are thinking of using challenge/response type questions to verify account ownership. However, either most of the information is available on line (mother’s maiden name = genealogy sites) or includes personally identifying information (SSN last 4) that we don’t collect and don’t want to use. Anyone have a better idea? If not, anyone have better challenge/response questions? Regards, Bob
Current thread:
- Challenge/response questions? Witmer, Robert (Apr 10)
- <Possible follow-ups>
- Re: Challenge/response questions? Mike Waller (Apr 10)
- Re: Challenge/response questions? Bob Bayn (Apr 10)
- Re: Challenge/response questions? Kevin Shalla (Apr 10)
- Re: Challenge/response questions? McCrary, Barbara (Apr 10)
- Re: Challenge/response questions? j.price (Apr 10)
- Re: Challenge/response questions? Dave Ferguson (Apr 13)
- Re: Challenge/response questions? Schumacher, Adam J (Apr 13)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Bob Bayn (Apr 14)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Charles Buchholtz (Apr 14)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Leon DuPree (Apr 14)
(Thread continues...)