Educause Security Discussion mailing list archives
Re: Authentication of remote users
From: Gary Flynn <flynngn () JMU EDU>
Date: Fri, 4 Jan 2008 14:29:59 -0500
Joel Rosenblatt wrote:
The point of the ID card is that you just do a RESET of the id if they present the card (Over the phone, by knowing the card number, or by fax) - the ID is not active at that point, but put back to the initial state. It then requires them to know the proper secrets to re-activate it.
We also have the concept of a "reset" and its associated default password made up of a concatenation of secrets. However, one of those secrets is the last four digits of the SSN and we've been given direction to eliminate any use of the SSN - in full or in part. Birthdate has also been mentioned as taboo. Do you use those secrets to make up the default password when an account is "reset"? -- Gary Flynn Security Engineer James Madison University www.jmu.edu/computing/security
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
Current thread:
- Re: Authentication of remote users, (continued)
- Re: Authentication of remote users Joel Rosenblatt (Jan 03)
- Re: Authentication of remote users Roger Safian (Jan 03)
- Re: Authentication of remote users charlie derr (Jan 03)
- Re: Authentication of remote users Roger Safian (Jan 03)
- Re: Authentication of remote users Cal Frye (Jan 03)
- Re: Authentication of remote users Doug Markiewicz (Jan 04)
- Re: Authentication of remote users Doug Markiewicz (Jan 04)
- Re: Authentication of remote users Gary Flynn (Jan 04)
- Re: Authentication of remote users Hunt,Keith A (Jan 04)
- Re: Authentication of remote users Joel Rosenblatt (Jan 04)
- Re: Authentication of remote users Gary Flynn (Jan 04)
- Re: Authentication of remote users Joel Rosenblatt (Jan 04)
- Re: Authentication of remote users Valdis Kletnieks (Jan 04)
- Re: Authentication of remote users Hunt,Keith A (Jan 04)
- Re: Authentication of remote users Jim Dillon (Jan 04)
- Re: Authentication of remote users Joel Rosenblatt (Jan 04)
- Re: Authentication of remote users Valdis Kletnieks (Jan 04)