[unisog] Password Reset Procedures - How do you do it?

Cal Frye cjf at calfrye.com
Sat Jun 6 20:11:08 GMT 2009


randy marchany wrote:
> Sorry to bother everyone as I know you have busy schedules.  I’m
> trying to do some checking on password resets.  Specifically, if a
> user forgets their password, do you allow them to answer secret
> questions and set a new password online?  Do you have specific
> procedures, policy, etc. on what occurs if a user (faculty, staff,
> student) forgets their password? If so, where can we find them online?
> Thanks.

Hi, Randy,
Our policies are somewhat laid out here:
http://www.oberlin.edu/cit/accounts/ObieIDpwd.html

The deal is if they don't use the online password reset widget with the
secret questions, etc., we must see photo ID as proof of identity before
we'll manually reset their password. (In case of extreme hardship, we'll
accept a fax of such document as proof they have it in their
possession). If that isn't going to work, we deal with each case
individually, but we try to keep such meddling to a minimum.

Behind the scenes, the password reset widget changes passwords in
several different directories. When we reset a password, we change only
one of the directories' passwords. This is sufficient for the client to
log into the password reset mechanism, but not sufficient for them to
access email, etc, so there is incentive to go and change their password
using the widget right away.

-- 
Celebrating the 150th anniversary of the publication of the Origin of
Species.
-- Cal Frye, Network Administrator, Oberlin College
   Mudd Library, x.56930 -- CIT will NEVER ask you for your password!

   www.calfrye.com,  www.pitalabs.com

"I've always felt that homophobic attitudes and policies were unjust and
unworthy of a free society and must be opposed by all Americans who
believe in democracy." -- Coretta Scott King


More information about the unisog mailing list