Re: Forgot password option for users (process)

From: Robert Moir (robspamtrap+msnews_at_gmail.com)
Date: 09/09/05


Date: Fri, 9 Sep 2005 22:17:44 +0100

RobJaudon wrote:
> Doug,
>
> This is for an Enterprise solution. We want a process in place so
> the end user will not have to contact helpdesk.
>
> Any other pointers would be great.

Creating an unmanaged and unowned account that anyone can log into is never
going to be a good idea.

Creating a custom GINA could swing it but it will take a lot of work, and a
secure password resetting system is going to contain a lot of overhead that
isn't going to fit well into that model perhaps.

I've been involved in designing a similar tool in the past year and we found
it to be quite involved, and we're looking at placing dedicated "automated
helpdesk kiosk" machines in public areas of the building because we found
the full burden of an app that can securely scan a user's company ID
card to verify who they are and then ask them a security question of their
choice to be quite intensive and hence needing a full application framework.

[note to anyone who is about to reply and comment on how bad an idea this is
because it's insecure and etc..., there has been a lot more thought put into
the project than I'm posting here and most of that thought has been on the
security angle]

Perhaps now is the time to consider biometrics so that users don't have to
remember passwords at all, or have you looked at some of the "commercial"
solutions out there that provide the sort of "automated kiosk" that I talk
about above?

-- 
Rob Moir
Website - http://www.robertmoir.co.uk
Virtual PC 2004 FAQ - http://www.robertmoir.co.uk/win/VirtualPC2004FAQ.html
Kazaa - Software update services for your Viruses and Spyware.