Home page logo

educause logo Educause Security Discussion mailing list archives

Re: Password hints
From: Cal Frye <cjf () CALFRYE COM>
Date: Mon, 15 Dec 2008 11:38:52 -0500

Roger Safian wrote:
At 05:57 PM 12/12/2008, Brian Kaye put fingers to keyboard and wrote:
Why not allow them to create their own challenge question with some
appropriate scan of the question and answer?

FWIW, in our case, we wanted to create a system that the users
could use online.  If you allow users to create their own questions,
and you want a self remediation online access, then they need to
answer their question exactly the same.  It doesn't always work that
way, since people forget things like capitalization, etc.

Granted, but that problem exists with the standard questions, as well.

I recently had this problem with AT&T, 'cause their questions include some of the lame
ones I don't want to use and a couple of the time-limited "what is your favorite movie"
types (What was it the day I set up this account, anyway? Hm...). Would be nice to create
my own question for that site, certainly.

-- Cal Frye, Network Administrator, Oberlin College
   Mudd Library, x.56930 -- CIT will NEVER ask you for your password!

   www.calfrye.com,  www.pitalabs.com

"A man who says that no patriot should attack the war until it is over...is saying no good
son should warn his mother of a cliff until she has fallen." --G. K. Chesterton.

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]