Re: Password Reset

[Drew Perry <aperry () MURRAYSTATE EDU>]

Now there's a question that can spider fairly quickly. Let's begin by
asking "Which password?" Does your facility have consolidated credentials,
such that there is one password for everything? In our case, we have
consolidated identity (username), but each password can be (but most often
isn't) unique. However, our central ERP system has a consolidated pane
(pain?) for resetting each separate password all in one place. Resetting
your ERP password requires either answering 2 security questions chosen at
random from a larger pool, OR a visit to the help desk. There is the
ability for remote users to receive a password reset for the ERP system via
official email, but that's assuming you also remember your email password.
You see how quickly this can get fairly complicated?

Our long-term goal is a simple backend solution where setting your ERP
password resets all of your other passwords to the same at the same time.
We already have the hooks in place since ERP resets all others. But there
are licensing and political roadblocks keeping that solution from
manifesting. User credentialing has long been the bane of Information
Security. As Matt Honan wrote in wired, "passwords are broken." But until
alternative identification methods are more ubiquitous, they're what we
have.

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu

***MSU Information Systems staff will *never* ask for your password or
other confidential information via email.***
*
*


On Mon, Jan 14, 2013 at 10:03 AM, Jason Rinne <rinnej () moval edu> wrote:

> As we move further into distance learning and remote locations, how are
> you handling users who forgot their password?  Do you have software in
> place that allows users to reset their own passwords?  Was it purchased or
> written in-house?   If you don't have any software that does this is it
> cost or security concerns that are presenting the biggest road blocks?****
>
> ** **
>
> ** **
>
> *Jason Rinne*
>
> *Systems Administrator*
>
> 500 E. College Street * Marshall, MO 65340****
>
> P 660-831-4088  ****
>
> rinnej () moval edu <jaecquesc () moval edu>
> [image: Logo for Email] <http://www.moval.edu/>
>
>
> This document may contain confidential information and is intended solely
> for the use of the addressee. If you received it in error, please contact
> the sender at once and destroy the document. The document may contain
> information subject to restrictions of the Family Educational Rights and
> Privacy and the Gramm-Leach-Bliley Acts. Such information may not be
> disclosed or used in any fashion outside the scope of the service for which
> you are receiving the information.****
>
> ** **