Educause Security Discussion mailing list archives
Re: Self Service Password Reset
From: Dexter Caldwell <Dexter.Caldwell () FURMAN EDU>
Date: Fri, 6 Jul 2012 13:24:43 +0000
I know the vendor that we use for Password Reset does recommend that you specifically block IT Staff accounts from enrollment via the system. (Particularly privileged accounts). Depending upon how you are setup, one reason to block some accounts, for example is if you cannot easily control whether those with Help Desk administrative reset capability, for example, perhaps students- can potentially reset privileged accounts or executive accounts and potentially access data privileged information. Of course, there are ways to properly manage this in some systems, such as Active Directory, but sometimes directory structure is designed for several purposes that don’t always neatly fit into every neat category of business function that applications might need. D/C From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] Sent: Thursday, July 05, 2012 6:38 PM To: Dexter Caldwell; SECURITY () LISTSERV EDUCAUSE EDU Subject: Re: [SECURITY] Self Service Password Reset Importance: Low Maybe I am missing something obvious, but why would you want to exclude users from being able to reset their own password? Our self-service requires "multi-factor" authentication (answer security questions & access to external email account or cell phone), and unless the user has not provided the required information (or doesn't remember what it was), she should be able to reset the password. We encourage this as much as possible, as it reduces the load on the HD. Even if the customer calls the help desk and needs some kind of manual intervention (forgot answers, never set it up, etc), they will walk her through setting up and using the self-service tools so that next time maybe she will not need to call. ::Adam
-----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Shawn Kohrman Sent: Tuesday, July 03, 2012 15:32 To: SECURITY () LISTSERV EDUCAUSE EDU<mailto:SECURITY () LISTSERV EDUCAUSE EDU> Subject: [SECURITY] Self Service Password Reset For those of you who have self service password reset tools, do you maintain a list of users who are excluded from using the tool? If so, how did you go about establishing your criteria? Shawn ----- Shawn A. Kohrman, Security Architect Azusa Pacific University Information & Media Technology 901 E. Alosta Ave., PO Box 7000 Azusa, CA 91702-7000 P: 626.815.2054 | F: 626.815.2061 | http://www.apu.edu/ -----
Current thread:
- Self Service Password Reset Shawn Kohrman (Jul 03)
- Re: Self Service Password Reset Schumacher, Adam J. (Jul 05)
- Re: Self Service Password Reset Shawn Kohrman (Jul 05)
- Re: Self Service Password Reset Schumacher, Adam J. (Jul 05)
- Re: Self Service Password Reset Gallese, Brady T. (Jul 05)
- Re: Self Service Password Reset Witmer, Robert (Jul 06)
- Re: Self Service Password Reset Shawn Kohrman (Jul 05)
- Re: Self Service Password Reset Gary Flynn (Jul 06)
- Message not available
- Re: Self Service Password Reset Dexter Caldwell (Jul 06)
- Re: Self Service Password Reset Schumacher, Adam J. (Jul 05)