Educause Security Discussion mailing list archives
Re: [Spam ??, Use Caution] Re: Challenge/response questions?
From: "Witmer, Robert" <r.witmer () SNHU EDU>
Date: Wed, 15 Apr 2009 08:45:11 -0400
Thanks to all for the suggestions and resource links. Regards, Bob -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Gary Flynn Sent: Tuesday, April 14, 2009 5:05 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [Spam ??, Use Caution] Re: [SECURITY] Challenge/response questions? Importance: Low Dave Ferguson wrote:
You might take a look at this white paper. http://www.fishnetsecurity.com/sites/com.fishnetsecurity/downloads/Forgot_Password_Best_Practices_v2.0.pdf
Here are some more resources (though these days I hate providing PDF links): Designing Authentication Systems with Challenge Questions http://hornbeam.cs.ucl.ac.uk/hcs/teaching/GA10/lec5extra/ch08just.pdf Tips for Avoiding Bad Questions http://securityps.infosecmedia.com/whitepapers/TipsforAvoidingBadQuestions.pdf Good Security Questions web site http://goodsecurityquestions.com -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Current thread:
- Re: [Spam ??, Use Caution] Re: Challenge/response questions? Witmer, Robert (Apr 15)