How many Johns does it take to carry on a conversation? :-)
We do what Jon suggested - we have a web interface that validates the
individual based on a core set of info and allows them to reset their
password. This permits the password resetting to take place even after
the password has expired (which happens during the summer or when
students are overseas, etc.).
I hear the concern that the core set of identification info may not be
sufficiently secure. We use three different info items and hope/believe
that's enough. We may look further into that.
Give a person a fish and you feed them for a day.
Teach that person to use the Internet and they won't bother you for weeks.
John L. Beck
Director, Computer Services
St. Norbert College
100 Grant Street
De Pere, WI 54115-2099
E-Mail: [log in to unmask]
Phone: (920) 403-3866
Fax: (920) 403-4084
Jon E. Mitchiner wrote:
> What is your definition of "release"? Does this mean that you would
> be sharing the password back with the user? If so, this could be
> potentially dangerous. Some users may use the same password for a
> number of services, such as at their University, for their Yahoo
> e-mail account, and so forth.
> I think a safer mechanism would be to reset the password. If the
> legal user notices they can't log into the system anymore, they will
> know someone changed their password.
> Jon E. Mitchiner
> ITS Director
> (202) 651-5300
> (202) 651-5477 (Fax)
> John Davis wrote:
>> We can easily build a web-page that asks for various items such as
>> SSN, ERP ID, Birthdate, etc. to validate the person know that
>> information in order to release a "password". I have staff members
>> thinking that this is not secure enough.
>> Can some of you give me an idea how you release passwords to an
>> individual who has forgotten their password? Any other information
>> will be appreciated.
>> John R. Davis, CIO E-mail: [log in to unmask]
>> Information Technology http://www.marietta.edu/~davisj
>> Marietta College
>> 215 5th St Voice: (740) 376-4390
>> Marietta, OH 45750 Fax: (740) 376-4896
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.