[unisog] Password Reset Procedures - How do you do it?

John Grover jgrover at maine.edu
Sat Jun 6 10:52:04 GMT 2009


Here at UMS we have a self-service page (that fac/staff and students can
use) to do password resets via user generated questions and answers. We need
some retooling in that area and in particular I don't think the user
generated questions turned out to be such a good idea.

There is a discussion right now on the educause IDM list about password
distribution and service that you may find helpful -

One idea I got from it that I hadn't considered before is that the questions
should be opinion based because it may be harder for me to know your opinion
of something than to know a fact about you.

John Grover
Assoc. Director, Systems and Operations
University of Maine System

On Fri, Jun 5, 2009 at 2:34 PM, randy marchany <marchany at vt.edu> wrote:

> Sorry to bother everyone as I know you have busy schedules.  I’m
> trying to do some checking on password resets.  Specifically, if a
> user forgets their password, do you allow them to answer secret
> questions and set a new password online?  Do you have specific
> procedures, policy, etc. on what occurs if a user (faculty, staff,
> student) forgets their password? If so, where can we find them online?
> Thanks.
> Randy Marchany
> marchany at vt.edu
> _______________________________________________
> unisog mailing list
> unisog at lists.dshield.org
> https://lists.sans.org/mailman/listinfo/unisog
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.sans.org/pipermail/unisog/attachments/20090606/3f47036c/attachment.htm 

More information about the unisog mailing list