Results 1 to 7 of 7

Thread: Password Reset Process

Thread Tools
- Show Printable Version
Display
- Switch to Linear Mode
- Switch to Hybrid Mode
- Threaded Mode

Threaded View

March 17th, 2003, 08:17 PM #7
thehorse13

View Profile

View Forum Posts
Master-Jedi-Pimps0r & Moderator

Join Date

Dec 2002

Location

Washington D.C. area

Posts

2,886
We use the, something you have and something you know approach.

Example:
===============
User forgets password.
User establishes an SSL (version 3) connection to the helpdesk server.
Helpdesk server asks end user for his badge ID # (something he/she has) and Social Security # (something he/she knows)
If all info matches, the password is reset to whatever the user sets it to and a log entry is made.
Logs are reviewed daily by the AD Admin who follows up via phone to ensure validity.

We also have a secret answer to a question the end user has supplied as a third method of validation.

Hope this helps out.

Our scars have the power to remind us that our past was real. -- Hannibal Lecter.
Talent is God given. Be humble. Fame is man-given. Be grateful. Conceit is self-given. Be careful. -- John Wooden
Reply With Quote

Quick Navigation Miscellaneous Security Discussions Top

« Previous Thread | Next Thread »

Posting Permissions

You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
[VIDEO] code is On
HTML code is Off

Forum Rules

Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

Thread: Password Reset Process

Thread Tools

Display

Threaded View

Posting Permissions