Re: Self Service Password Reset

["Schumacher, Adam J." <adamschumacher () CREIGHTON EDU>]

Maybe I am missing something obvious, but why would you want to exclude users from being able to reset their own 
password?  Our self-service requires "multi-factor" authentication (answer security questions & access to external 
email account or cell phone), and unless the user has not provided the required information (or doesn't remember what 
it was), she should be able to reset the password.  We encourage this as much as possible, as it reduces the load on 
the HD.  Even if the customer calls the help desk and needs some kind of manual intervention (forgot answers, never set 
it up, etc), they will walk her through setting up and using the self-service tools so that next time maybe she will 
not need to call.

::Adam

> -----Original Message-----
> From: The EDUCAUSE Security Constituent Group Listserv
> [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn Kohrman
> Sent: Tuesday, July 03, 2012 15:32
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] Self Service Password Reset
>
> For those of you who have self service password reset tools, do you maintain
> a list of users who are excluded from using the tool?  If so, how did you go
> about establishing your criteria?
>
> Shawn
>
> -----
> Shawn A. Kohrman, Security Architect
>
>
> Azusa Pacific University
> Information & Media Technology
> 901 E. Alosta Ave., PO Box 7000
> Azusa, CA 91702-7000
>
> P:  626.815.2054 | F:  626.815.2061 | http://www.apu.edu/
> -----