Educause Security Discussion mailing list archives
Re: Self service password reset tools
From: Doug Markiewicz <dmarkiew+educause () ANDREW CMU EDU>
Date: Thu, 31 Mar 2011 08:26:34 -0400
I wanted to see if anyone is using self service password reset tools in your organization, I am particularly interested in implementations for enterprise directory structures, whether if it is AD, Novell, Open Directory, or others. If possible, please share your
experience of the tool used.
Further, I am interested to find out how are you verifying the identity of the person performing a password reset. Thank you in advance for your help.
We are using a self service password reset tool that is part of our Sun/Oracle IdM product. It then talks out to Kerberos and AD. The product is somewhat limited in terms of capabilities. We have it configured so that a user must answer 3 personalized questions in order to reset their password. We have some other controls in place to help reduce the risk of attack. Happy to discuss those offline. It could certainly be better, but so could most things. FWIW, Go VCU! :-)
Current thread:
- Student breaking IT policies Mark Reboli (Mar 18)
- Re: Student breaking IT policies Radford, Jennifer (Mar 18)
- FW: Student breaking IT policies Radford, Jennifer (Mar 18)
- Re: Student breaking IT policies Lorenz, Eva (Mar 18)
- Self service password reset tools Dan Han/HSC/VCU (Mar 30)
- Re: Self service password reset tools Doug Markiewicz (Mar 31)
- Re: Self service password reset tools Childs, Aaron (Mar 31)
- Re: Self service password reset tools Gallese, Brady T. (Mar 31)
- Re: Self service password reset tools Dr. Wole Akpose (Mar 31)
- Re: Self service password reset tools Michael Horne (Mar 31)
- FW: Student breaking IT policies Radford, Jennifer (Mar 18)
- Re: Student breaking IT policies Joel Rosenblatt (Mar 18)
- Re: Student breaking IT policies Joel Rosenblatt (Mar 18)
- Re: Student breaking IT policies Radford, Jennifer (Mar 18)
- Re: Student breaking IT policies randy marchany (Mar 21)