• Subject: Re: Password "Hint" Feasibility
  • From: John Earl <johnearl@xxxxxxxxxxxxxxx>
  • Date: Sat, 11 Nov 2000 16:16:24 -0800
  • Organization: The PowerTech Group


Richard Jackson wrote:

> Change the problem.  Whenever someone calls, don't try to help them discover
> their password, reset their password to the same as their userID and mark
> the profile as "must change password on next log-on".  Now you can skip the
> whole "hint" technology and put the problem back in the lap of the users.

In an organization with 5000+ users, how can any I.S. employee know that they 
actually reseting the password of the person that called, and not some imposter?
It's a very real problem.


John Earl                    johnearl@400security.com
The PowerTech Group      --> new number --> 253-872-7788
PowerLock Network Security   www.400security.com

| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2020 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].