Educause Security Discussion mailing list archives
Re: Challenge/response questions?
From: Kevin Shalla <kshalla () UIC EDU>
Date: Fri, 10 Apr 2009 15:45:48 -0500
Something that can be useful to ask is some information on academic data, like Who are all your professors this term? What was your ACT score? Who submitted a letter of recommendation for admission? Of course this depends upon access to this information in some campus database. At 12:57 PM 4/10/2009, Witmer, Robert wrote:
There must be a better way! We have a customized single sign on solution and are looking at self service password resets from a web page. Everything after authentication has been worked out. Currently we are thinking of using challenge/response type questions to verify account ownership. However, either most of the information is available on line (mother's maiden name = genealogy sites) or includes personally identifying information (SSN last 4) that we don't collect and don't want to use. Anyone have a better idea? If not, anyone have better challenge/response questions? Regards, Bob
Current thread:
- Challenge/response questions? Witmer, Robert (Apr 10)
- <Possible follow-ups>
- Re: Challenge/response questions? Mike Waller (Apr 10)
- Re: Challenge/response questions? Bob Bayn (Apr 10)
- Re: Challenge/response questions? Kevin Shalla (Apr 10)
- Re: Challenge/response questions? McCrary, Barbara (Apr 10)
- Re: Challenge/response questions? j.price (Apr 10)
- Re: Challenge/response questions? Dave Ferguson (Apr 13)
- Re: Challenge/response questions? Schumacher, Adam J (Apr 13)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
- Re: Challenge/response questions? Bob Bayn (Apr 14)
- Re: Challenge/response questions? Gary Flynn (Apr 14)
(Thread continues...)