RE: Self Service Password Resets



Hi Josh:

Suggestion:

Account holders could answer challenge questions online prior to
granting privilege to reset password. Depending on your security level
the type and number of challenge questions can be varied. Some
institutions require RSA keyfobs (potentially costly; maybe restricted
to subset of users).


Best regards,

Hari

-----Original Message-----
From: listbounce@xxxxxxxxxxxxxxxxx [mailto:listbounce@xxxxxxxxxxxxxxxxx]
On Behalf Of Campbell, Josh
Sent: March 31, 2009 7:46 AM
To: 'security-basics@xxxxxxxxxxxxxxxxx'
Subject: Self Service Password Resets

Hello list,

I work for a public university and my manager has asked me to look into
a self service password reset solution. We have many employees that do
not work on campus or even in the same state (adjunct professors).
Currently when they forget their password we have them go through
several hoops to get their password reset, including faxing over some ID
and having their department head contact us. This was originally
designed to be a hassle in hopes that we wouldn't get very many "repeat
customers" for forgetting their passwords.

Anywho, I was wondering what solutions other people out there are using
for this type of thing? Ideally we would like something that a user
could go to from their web browser at home or any computer not on our
network and they would be forced to answer a series of challenge
questions (I know this brings up the point of them forgetting the
challenge questions too but let's not even go there). We use MS Active
Directory so that would also be a requirement for the solution.

Thanks in advance!

-Josh C

------------------------------------------------------------------------
This list is sponsored by: InfoSec Institute

No time or budget for traveling to a training course in this fiscal
year? Check out the online information security courses available at
InfoSec Institute. More than a boring "talking head", train in our
virtual labs for a total hands-on training experience. Get the certs you
need: CEH, CPT, CEPT, CISA, CISSP, CISM

http://www.infosecinstitute.com/request_online_training.html
------------------------------------------------------------------------




