|
I don't think I missed that, I think that it is a separate issue - but a very valid one. Your suggestion that changes is made by the local supervisor doesn't change the technique but it does address the authentication problem while spreading the security admin roles (albeit in a highly controllable way) much further afield. I think that we agree on the HINT app - bad idea. I think that we agree on what should happen if the user forgets their password - change it to something that they can use once and force them to change it again. There are dozens of other issues in here that neither of us mentioned. For example, what if the user cannot remember a password at all? Social, cultural, financial, and security issues abound. Richard Jackson Richard Jackson and Associates Ltd. IBM Business Partner mailto:richardjackson@richardjackson.net http://www.richardjacksonltd.com Telephone: 1 (303) 808-8058 -|-----Original Message----- -|From: owner-midrange-l@midrange.com -|[mailto:owner-midrange-l@midrange.com]On Behalf Of John Earl -|Sent: Saturday, November 11, 2000 7:16 PM -|To: MIDRANGE-L@midrange.com -|Subject: Re: Password "Hint" Feasibility -| -| -|Richard, -| -|Richard Jackson wrote: -| -|> Change the problem. Whenever someone calls, don't try to help -|them discover -|> their password, reset their password to the same as their -|userID and mark -|> the profile as "must change password on next log-on". Now you -|can skip the -|> whole "hint" technology and put the problem back in the lap of -|the users. -| -|In an organization with 5000+ users, how can any I.S. employee -|know that they are -|actually reseting the password of the person that called, and not -|some imposter? -|It's a very real problem. -| -|jte -| -| -| -|-- -|John Earl johnearl@400security.com -|The PowerTech Group --> new number --> 253-872-7788 -|PowerLock Network Security www.400security.com -|-- -| -| -| -| -|+--- -|| This is the Midrange System Mailing List! -|| To submit a new message, send your mail to MIDRANGE-L@midrange.com. -|| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. -|| To unsubscribe from this list send email to -|MIDRANGE-L-UNSUB@midrange.com. -|| Questions should be directed to the list owner/operator: -|david@midrange.com -|+--- +--- | This is the Midrange System Mailing List! | To submit a new message, send your mail to MIDRANGE-L@midrange.com. | To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com. | To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com. | Questions should be directed to the list owner/operator: david@midrange.com +---
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.