Educause Security Discussion mailing list archives

Re: self service password reset questions

From: Todd Britton <tbritton () LAVERNE EDU>
Date: Fri, 22 Oct 2010 07:41:43 -0700

Brian,

                We have instituted a 6 question panel, requiring 3 at one time to be answered correctly in order to 
reset one's password. These questions are of the student's own design; however, we provide guidance and suggest they 
use passwords that are easy for them to remember, but hard to guess by someone else.

Todd Britton - MBA, PMP, CISM, ITILv3F, MCSE, CGEIT
Director of Enterprise Applications
Information Security Officer
OIT Project Manager
University of La Verne
909-593-3511 x4234
tbritton () laverne edu

From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Kellogg, 
Brian D.
Sent: Friday, October 22, 2010 7:21 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] self service password reset questions

Just wondering what questions other Universities are using that have deployed a self service password reset portal?  
How many questions do you require students to answer in order to reset their passwords?  And any other relevant insight 
and wisdom would be appreciated as well.


Thanks,
Brian

Current thread:

self service password reset questions Kellogg, Brian D. (Oct 22)
- Re: self service password reset questions Todd Britton (Oct 22)
  - Re: self service password reset questions SCHALIP, MICHAEL (Oct 22)
    - Re: self service password reset questions Todd Britton (Oct 22)
    - Re: self service password reset questions Greg Williams (Oct 22)
    - Re: self service password reset questions SCHALIP, MICHAEL (Oct 22)
    - Re: self service password reset questions Kellogg, Brian D. (Oct 22)
- Re: self service password reset questions Harry Pontiff (Oct 22)