Educause Security Discussion mailing list archives
Re: Password Management Policy & Standards
From: Thomas Carter <tcarter () AUSTINCOLLEGE EDU>
Date: Fri, 26 Feb 2016 19:33:49 +0000
I hope this isn't off topic, but how does password self-service work with these policies and standards? With the proliferation of social media, it's very difficult to come up with truly secure security questions. For an alternate email the ownership of that off-campus address is unverifiable.

There is also the question of requests to the help desk for password resets. In person we ask for identification, but over-the-phone resets have the same "secure question" issue that the self-service reset has. Asking for DOB or address is way too easy to impersonate. How are you verifying account ownership?

These are some of the practical matters with passwords we are struggling with. A super secure password with good policies is no help if a little social engineering can get account access the "proper" way.

Thomas Carter
Network & Operations Manager
Austin College