Educause Security Discussion
mailing list archives
Re: Password hints
From: Brian Kaye <bdk () UNB CA>
Date: Fri, 12 Dec 2008 19:57:16 -0400
Why not allow them to create their own challenge question with some
appropriate scan of the question and answer?
On Fri, 12 Dec 2008, Stewart, Ian wrote:
Date: Fri, 12 Dec 2008 16:26:00 -0500
From: "Stewart, Ian" <istewart () UMASSP EDU>
Reply-To: The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] Password hints
Does anyone have advice for what sort of questions might be allowable or
wise to use for password challenge-response in the event someone forgets
their password? I think recent guidelines have ruled out using your
mother's maiden name and other old standards.
How have you handled this at your campus?