I don't think I missed that, I think that it is a separate issue - but a
very valid one.  Your suggestion that changes is made by the local
supervisor doesn't change the technique but it does address the
authentication problem while spreading the security admin roles (albeit in a
highly controllable way) much further afield.  I think that we agree on the
HINT app - bad idea.  I think that we agree on what should happen if the
user forgets their password - change it to something that they can use once
and force them to change it again.  There are dozens of other issues in here
that neither of us mentioned.  For example, what if the user cannot remember
a password at all?  Social, cultural, financial, and security issues abound.

Richard Jackson
Richard Jackson and Associates Ltd.
IBM Business Partner
mailto:richardjackson@richardjackson.net
http://www.richardjacksonltd.com
Telephone: 1 (303) 808-8058


-|-----Original Message-----
-|From: owner-midrange-l@midrange.com
-|[mailto:owner-midrange-l@midrange.com]On Behalf Of John Earl
-|Sent: Saturday, November 11, 2000 7:16 PM
-|To: MIDRANGE-L@midrange.com
-|Subject: Re: Password "Hint" Feasibility
-|
-|
-|Richard,
-|
-|Richard Jackson wrote:
-|
-|> Change the problem.  Whenever someone calls, don't try to help
-|them discover
-|> their password, reset their password to the same as their
-|userID and mark
-|> the profile as "must change password on next log-on".  Now you
-|can skip the
-|> whole "hint" technology and put the problem back in the lap of
-|the users.
-|
-|In an organization with 5000+ users, how can any I.S. employee
-|know that they are
-|actually reseting the password of the person that called, and not
-|some imposter?
-|It's a very real problem.
-|
-|jte
-|
-|
-|
-|--
-|John Earl                    johnearl@400security.com
-|The PowerTech Group      --> new number --> 253-872-7788
-|PowerLock Network Security   www.400security.com
-|--
-|
-|
-|
-|
-|+---
-|| This is the Midrange System Mailing List!
-|| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
-|| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
-|| To unsubscribe from this list send email to
-|MIDRANGE-L-UNSUB@midrange.com.
-|| Questions should be directed to the list owner/operator:
-|david@midrange.com
-|+---
+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...

Replies:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].