[unisog] Password Reset Procedures - How do you do it?
cjf at calfrye.com
Sat Jun 6 20:11:08 GMT 2009
randy marchany wrote:
> Sorry to bother everyone as I know you have busy schedules. I’m
> trying to do some checking on password resets. Specifically, if a
> user forgets their password, do you allow them to answer secret
> questions and set a new password online? Do you have specific
> procedures, policy, etc. on what occurs if a user (faculty, staff,
> student) forgets their password? If so, where can we find them online?
Our policies are somewhat laid out here:
The deal is if they don't use the online password reset widget with the
secret questions, etc., we must see photo ID as proof of identity before
we'll manually reset their password. (In case of extreme hardship, we'll
accept a fax of such document as proof they have it in their
possession). If that isn't going to work, we deal with each case
individually, but we try to keep such meddling to a minimum.
Behind the scenes, the password reset widget changes passwords in
several different directories. When we reset a password, we change only
one of the directories' passwords. This is sufficient for the client to
log into the password reset mechanism, but not sufficient for them to
access email, etc, so there is incentive to go and change their password
using the widget right away.
Celebrating the 150th anniversary of the publication of the Origin of
-- Cal Frye, Network Administrator, Oberlin College
Mudd Library, x.56930 -- CIT will NEVER ask you for your password!
"I've always felt that homophobic attitudes and policies were unjust and
unworthy of a free society and must be opposed by all Americans who
believe in democracy." -- Coretta Scott King
More information about the unisog