Educause Security Discussion mailing list archives

Re: Self Service Password Reset


From: "Witmer, Robert" <r.witmer () SNHU EDU>
Date: Fri, 6 Jul 2012 08:20:10 -0400

We have certain accounts in which the password can't be reset via SSPR.  Most higher level accounts (admin/service 
accts/etc) are excluded from the password reset utility and must be reset "from the inside."  Otherwise, SSPR works 
well as we have an "opt in" approach and educate users on why they should participate.  Our Help Desk assists users as 
Adam mentions below, but they first confirm identity via impromptu challenge questions from our SIS.
Bob

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of 
Schumacher, Adam J.
Sent: Thursday, July 05, 2012 6:38 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: [SECURITY] Self Service Password Reset

Maybe I am missing something obvious, but why would you want to exclude users from being able to reset their own 
password?  Our self-service requires "multi-factor" authentication (answer security questions & access to external 
email account or cell phone), and unless the user has not provided the required information (or doesn't remember what 
it was), she should be able to reset the password.  We encourage this as much as possible, as it reduces the load on 
the HD.  Even if the customer calls the help desk and needs some kind of manual intervention (forgot answers, never set 
it up, etc), they will walk her through setting up and using the self-service tools so that next time maybe she will 
not need to call.

::Adam

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv
[mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn Kohrman
Sent: Tuesday, July 03, 2012 15:32
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Self Service Password Reset

For those of you who have self service password reset tools, do you
maintain a list of users who are excluded from using the tool?  If so,
how did you go about establishing your criteria?

Shawn

-----
Shawn A. Kohrman, Security Architect


Azusa Pacific University
Information & Media Technology
901 E. Alosta Ave., PO Box 7000
Azusa, CA 91702-7000

P:  626.815.2054 | F:  626.815.2061 | http://www.apu.edu/
-----


