Educause Security Discussion mailing list archives
Re: Password Reset
From: Drew Perry <aperry () MURRAYSTATE EDU>
Date: Mon, 14 Jan 2013 10:12:54 -0600
Now there's a question that can spider fairly quickly. Let's begin by asking "Which password?" Does your facility have consolidated credentials, such that there is one password for everything? In our case, we have consolidated identity (username), but each password can be (but most often isn't) unique. However, our central ERP system has a consolidated pane (pain?) for resetting each separate password all in one place. Resetting your ERP password requires either answering 2 security questions chosen at random from a larger pool, OR a visit to the help desk. There is the ability for remote users to receive a password reset for the ERP system via official email, but that's assuming you also remember your email password. You see how quickly this can get fairly complicated? Our long-term goal is a simple backend solution where setting your ERP password resets all of your other passwords to the same at the same time. We already have the hooks in place since ERP resets all others. But there are licensing and political roadblocks keeping that solution from manifesting. User credentialing has long been the bane of Information Security. As Matt Honan wrote in wired, "passwords are broken." But until alternative identification methods are more ubiquitous, they're what we have. Drew Perry Security Analyst Murray State University (270) 809-4414 aperry () murraystate edu ***MSU Information Systems staff will *never* ask for your password or other confidential information via email.*** * * On Mon, Jan 14, 2013 at 10:03 AM, Jason Rinne <rinnej () moval edu> wrote:
As we move further into distance learning and remote locations, how are you handling users who forgot their password? Do you have software in place that allows users to reset their own passwords? Was it purchased or written in-house? If you don't have any software that does this is it cost or security concerns that are presenting the biggest road blocks?**** ** ** ** ** *Jason Rinne* *Systems Administrator* 500 E. College Street * Marshall, MO 65340**** P 660-831-4088 **** rinnej () moval edu <jaecquesc () moval edu> [image: Logo for Email] <http://www.moval.edu/> This document may contain confidential information and is intended solely for the use of the addressee. If you received it in error, please contact the sender at once and destroy the document. The document may contain information subject to restrictions of the Family Educational Rights and Privacy and the Gramm-Leach-Bliley Acts. Such information may not be disclosed or used in any fashion outside the scope of the service for which you are receiving the information.**** ** **
Current thread:
- Password Reset Jason Rinne (Jan 14)
- Re: Password Reset Drew Perry (Jan 14)
- Re: Password Reset Santabarbara, Angelo (Jan 14)
- Re: Password Reset SCHALIP, MICHAEL (Jan 14)
- Re: Password Reset Santabarbara, Angelo (Jan 14)
- Re: Password Reset Roger A Safian (Jan 14)
- Re: Password Reset Santabarbara, Angelo (Jan 14)
- Re: Password Reset Jacobson, Dick (Jan 14)
- Re: Password Reset SCHALIP, MICHAEL (Jan 14)