Re: Password resets

[Dan Wasson <dan () NMC EDU>]

   1. We allow password reset requests via telephone
   2. Individuals are required to confirm 3 pieces of individual
   identifying information.
   3. We have 3 levels of password reset permission.
      1. Level 1 - Employees that deal directly with students
      (registration, financial aid, records, advising, etc) have the ability to
      change student passwords, but not employee passwords.
      2. Level 2 - Employee passwords can only be changed by help desk
      personnel or IT staff.
      3. Level 3 - IT staff passwords can only be changed by other IT staff
      members.
   4. Temp passwords are verbally given if the individual is on the phone.

Dan





*Dan Wasson*
*Director Systems & LAN Management*
*Northwestern Michigan College*
*231-995-1164*
*dwasson () nmc edu <dwasson () nmc edu>*

*Don't be a scam victim - NMC and other reputable organizations will never
use email to request that you reply with your password, social security
number or confidential personal information.*

On Tue, Aug 1, 2017 at 10:22 AM, McClenon, Brady <Brady.McClenon () oneonta edu
> wrote:

> I’m curious as to how other institutions handle user password resets when
> self-service mechanisms fail or options are exhausted.  Specific questions
> I have are:
>
>
>
>    1. Do you allow reset requests over the phone, or require they be done
>    in person?
>    2. How do you verify identity over the phone or in person?
>    3. Who at your institution is empowered to perform password resets?
>    4. How do you deliver the new/temp password to the user?
>
>
>
>
>
> Thanks,
>
>
>
>
>
> Brady McClenon
>
> IT Security Administrator
>
> ITS – IT Security
>
> SUNY Oneonta