Educause Security Discussion mailing list archives
Re: Password resets
From: Dan Wasson <dan () NMC EDU>
Date: Tue, 1 Aug 2017 15:59:30 -0400
1. We allow password reset requests via telephone 2. Individuals are required to confirm 3 pieces of individual identifying information. 3. We have 3 levels of password reset permission. 1. Level 1 - Employees that deal directly with students (registration, financial aid, records, advising, etc) have the ability to change student passwords, but not employee passwords. 2. Level 2 - Employee passwords can only be changed by help desk personnel or IT staff. 3. Level 3 - IT staff passwords can only be changed by other IT staff members. 4. Temp passwords are verbally given if the individual is on the phone. Dan *Dan Wasson* *Director Systems & LAN Management* *Northwestern Michigan College* *231-995-1164* *dwasson () nmc edu <dwasson () nmc edu>* *Don't be a scam victim - NMC and other reputable organizations will never use email to request that you reply with your password, social security number or confidential personal information.* On Tue, Aug 1, 2017 at 10:22 AM, McClenon, Brady <Brady.McClenon () oneonta edu
wrote:
I’m curious as to how other institutions handle user password resets when self-service mechanisms fail or options are exhausted. Specific questions I have are: 1. Do you allow reset requests over the phone, or require they be done in person? 2. How do you verify identity over the phone or in person? 3. Who at your institution is empowered to perform password resets? 4. How do you deliver the new/temp password to the user? Thanks, Brady McClenon IT Security Administrator ITS – IT Security SUNY Oneonta
Current thread:
- Password resets McClenon, Brady (Aug 01)
- Re: Password resets Dan Wasson (Aug 01)
- Re: Password resets Barton, Robert W. (Aug 01)
- Re: Password resets Dan Wasson (Aug 01)