Educause Security Discussion mailing list archives
Re: Use of PIN for Self Service Password Reset
From: Frank Barton <bartonf () HUSSON EDU>
Date: Wed, 3 Aug 2016 08:28:49 -0400
One Caveat that I would strongly suggest if you are using an alphanumeric PIN (and I'm not sure if you mean One-Time-Password, or a user set PIN that can be used ad-nauseam to reset) is to avoid the use of confusing characters (Il1oO0) unless you can control the interface in such a way as to make them very clearly distinct (upper case "I" having the top and bottom cross-bars, "0" having a center diagonal, etc) Frank On Wed, Aug 3, 2016 at 7:52 AM, Steve Munson <smunson () marymount edu> wrote:
We are moving to a use of 4 character PIN for self service password reset and am interested to see what standards others have established for PINs. For example, we are considering setting the PIN requirement to be at least 2 characters and 2 numbers. We are planning to use alphanumeric PIN instead of numeric to provide opportunity for more PIN complexity versus numeric only but interested in feedback/perspective from this group. Regards, Steve Munson Executive Director, IT Services Marymount University Arlington, Virginia
-- Frank Barton ACMT IT Systems Administrator Husson University
Current thread:
- Use of PIN for Self Service Password Reset Steve Munson (Aug 03)
- Re: Use of PIN for Self Service Password Reset Frank Barton (Aug 03)
- Re: Use of PIN for Self Service Password Reset Thomas Carter (Aug 03)
- Re: Use of PIN for Self Service Password Reset Steve Munson (Aug 03)
- Re: Use of PIN for Self Service Password Reset Frank Barton (Aug 04)
- Re: Use of PIN for Self Service Password Reset Thomas Carter (Aug 03)
- Re: Use of PIN for Self Service Password Reset Frank Barton (Aug 03)