[unisog] Password Reset Procedures - How do you do it?
Adam Schumacher
adamschumacher at creighton.edu
Mon Jun 8 15:30:14 GMT 2009
We have developed an in-house system that requires a person to answer
pre-defined security questions, and have access to a secondary email account
or a mobile phone capable of receiving SMS. This provides two-factor
authentication before a user is allowed to reset their password. This
process replaces an old one involving needing an ID card and the password
being set with last 4 of SSN.

What we are working on now is changing the processes so that accounts are
created with a random password and set to disabled until the user logs on
with a one time password (that is given in person, or sent via USPS) and
configures his/her security questions and alternate contact info.

On 6/5/09 1:34 PM, "randy marchany" <marchany at vt.edu> wrote:
> Sorry to bother everyone as I know you have busy schedules. I'm
> trying to do some checking on password resets. Specifically, if a
> user forgets their password, do you allow them to answer secret
> questions and set a new password online? Do you have specific
> procedures, policy, etc. on what occurs if a user (faculty, staff,
> student) forgets their password? If so, where can we find them online?
> Thanks.
>
> Randy Marchany
> marchany at vt.edu
>
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog

sha1(
Adam Schumacher
Information Security Engineer
Creighton University
Don't share your password with ANYONE, EVER. This means YOU!
402-280-2383
402-672-1732
)
= 1a72637cf94189654ab1a827520a5e41738f41b0
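
The provisioning flow described in the message above (account created disabled with a random password, enabled only after a one-time password is presented and recovery data is configured), sketched as an added example that is not part of the original post and is not Creighton's code. The class and method names, the 14-day validity window, PBKDF2 hashing, and the step of setting a new password at activation are all assumptions.

```python
import hashlib, hmac, secrets, time

OTP_TTL = 14 * 24 * 3600  # assumed validity window for the in-person / mailed OTP

def _digest(secret: str, salt: bytes) -> bytes:
    # Store only salted, stretched digests of passwords, OTPs and answers.
    return hashlib.pbkdf2_hmac("sha256", secret.encode(), salt, 100_000)

def _now(now):
    return time.time() if now is None else now

class Account:  # hypothetical model of one directory account
    def __init__(self, username: str):
        self.username = username
        self.enabled = False  # created disabled
        self.salt = secrets.token_bytes(16)
        # Random initial password that nobody ever sees; only its digest is kept.
        self.pw_hash = _digest(secrets.token_urlsafe(32), self.salt)
        self.otp_hash, self.otp_expires = None, 0.0
        self.questions, self.alt_contact = {}, None

    def issue_otp(self, now=None) -> str:
        """Generate the one-time password to hand over in person or by post."""
        otp = secrets.token_urlsafe(9)
        self.otp_hash = _digest(otp, self.salt)
        self.otp_expires = _now(now) + OTP_TTL
        return otp

    def activate(self, otp, new_password, questions, alt_contact, now=None) -> bool:
        """Enable the account only if the OTP is valid and recovery data is supplied."""
        if self.enabled or self.otp_hash is None or _now(now) > self.otp_expires:
            return False
        if not hmac.compare_digest(_digest(otp, self.salt), self.otp_hash):
            return False
        if not questions or not alt_contact:
            return False  # enrolment is mandatory; the OTP is not consumed yet
        # Normalise answers before hashing so later comparison ignores case and padding.
        self.questions = {q: _digest(a.strip().lower(), self.salt)
                          for q, a in questions.items()}
        self.alt_contact = alt_contact  # secondary e-mail or SMS number
        self.pw_hash = _digest(new_password, self.salt)  # assumed step
        self.otp_hash = None  # single use: a replayed OTP is rejected
        self.enabled = True
        return True
```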