We've been around the block on this one, and have chosen to err on the
side of keeping the information as secure as possible - such that even
the Help Desk people who take the call don't know, and cannot find out,
the forgotten password. Instead, we 'reset' it to a standard convention
and remind the caller of that convention so that s/he can then log in
(and, if they follow our strong encouragement, change the default
password to an individual one). Even that convention is about to
change, such that we will no longer use any portion of the Social
David W. Sisk Associate Director, Information Technology Services
Macalester College / 1600 Grand Avenue / St. Paul, MN 55105-1899
http://www.macalester.edu/~sisk/ Voice (651) 696-6745, FAX 696-6778
John Davis wrote:
> We can easily build a web-page that asks for various items such as SSN,
> ERP ID, Birthdate, etc. to validate the person know that information in
> order to release a "password". I have staff members thinking that this
> is not secure enough.
> Can some of you give me an idea how you release passwords to an
> individual who has forgotten their password? Any other information
> will be appreciated.
> John R. Davis, CIO E-mail: [log in to unmask]
> Information Technology http://www.marietta.edu/~davisj
> Marietta College
> 215 5th St Voice: (740) 376-4390
> Marietta, OH 45750 Fax: (740) 376-4896
> This message was sent using Marietta College WebMail.
> Participation and subscription information for this EDUCAUSE Constituent
> Group discussion list can be found at http://www.educause.edu/groups/.
Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.