RE: "a simple identifier (unique to each user)" Here, we call those passwords. ;)
What happens if someone forgets their simple identifier? What happens if someone over hears them giving it on the phone to reset a password? Can they get it changed? How is this any different than an extra password and therefore extra attack surface? -----Original Message----- From: Guyer, Donald [mailto:[email protected]] Sent: Thursday, March 08, 2012 2:04 PM To: NT System Admin Issues Subject: RE: Security questions to reset passwords, locked accounts, etc. Where I'm at there is a current project going on to populate AD accounts with a simple identifier (unique to each user) for them to give when requesting password resets/lockouts. There's lots of software packages out there for self-service password management, so they wouldn't have to contact the help desk. Depends on what you want it to do and budget. Regards, Don Guyer Directory and Messaging Services Catholic Health East, ITSS -----Original Message----- From: Maglinger, Paul [mailto:[email protected]] Sent: Thursday, March 08, 2012 1:51 PM To: NT System Admin Issues Subject: Security questions to reset passwords, locked accounts, etc. When you register for online services, it seems that a lot more of them are now asking for security questions so that you can retrieve your password or unlock your account. Is anyone familiar with these systems and can give me a brief rundown on how they work? Are these typically 3rd party solutions or homegrown? Has anyone heard of using them in a business environment to automate the process of re-enabling locked out accounts and reset forgotten passwords? Or more basic yet, are these questions/answers typically stored in some type of database or as an object in AD? -Paul ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin Confidentiality Notice: This e-mail, including any attachments is the property of Catholic Health East and is intended for the sole use of the intended recipient(s). It may contain information that is privileged and confidential. Any unauthorized review, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please delete this message, and reply to the sender regarding the error in a separate email. ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
