General discussion

  • Creator
    Topic
  • #2109375

    Help!! I forgot my password!!

    Locked

    by mike emeigh ·

    This question is directed primarily to Net ADMINS FOR networks that connect multiple sites, where they have little face-to-face contact with their user base:

    Suppose you receive a request to reset a password from a user who claims to have forgotten his password. What procedures and policies do you have in place to ensure that the person making the request is actually the user?

    — MWE

All Comments

  • Author
    Replies
    • #3843638

      Help!! I forgot my password!!

      by marty_r ·

      In reply to Help!! I forgot my password!!

      Mike,

      Looking for the “politically correct” answer to cut and paste into a manual or the “common sense” answer to live with and hopefully not compromise your network in the process? After 16 years of Sys Admin work in various corporate, military, etc. environments, I have yet to see something on paper that will cover the subject to everyone’s satisfaction. When in doubt, use common sense, listen to the user(s), notice voice (uncomfortable, rushed, etc.), DO NOT JUMP ONTO A KEYBOARD to perform “your magic”! Take information regarding user id, phone number, etc. and defer problem to another admin -however, if you ARE the only admin, explain that you are in the middle of an extremely important project, meeting, resolution to a network problem (whatever, to buy some time and slow the process down a little). This activity allows you to think through some things; what kind of activity has been going on on your network? What do the log files say about the last days activity (providing that they aren’t compromised already!), did you see anything strange in your daily check of your servers? Do you need to get together with another Sys Admin and review the above questions? COMMON SENSE!! Build it into your “daily” routine and sometimes it even starts to make sense after a while. Hope this rambling helps – Good Luck in your endevour :>)

    • #3844310

      Help!! I forgot my password!!

      by purple713 ·

      In reply to Help!! I forgot my password!!

      To answer your question:
      Here are some procedures that I follow:

      1. Ask for the user name
      2. Extension of the phone
      3. Room Number
      4. Ask for his director’s name (if the user stumbles, you know that something is wrong.) Explain to the user that is for security measures

      5. Call the person’s Director to see if that user is in fact in the office. (Always helps.)

    • #3844213

      Help!! I forgot my password!!

      by mike emeigh ·

      In reply to Help!! I forgot my password!!

      To Marty R:

      I am looking for a “common sense” answer. I’m really more interested in what others are really doing, rather than anything that might be “politically correct” but isn’t likely to be followed in practiuce.

    • #3850225

      Help!! I forgot my password!!

      by mfitch ·

      In reply to Help!! I forgot my password!!

      I’ve gotten flack for trying to implement here (it worked great at my last company), but requiring the user’s supervisor to authorize the reset via email serves to both authenticate the request AND deters the users from making multiple stupid mistakes with there passwords.

      It may also alert the area supervisor to possible security compromises in their area.

      One day….

    • #3833132

      Help!! I forgot my password!!

      by rachel_s ·

      In reply to Help!! I forgot my password!!

      Mike –

      Read an article once (here I think?) that discusses this topic. You could implement security cards and readers (expensive and can be lost) or have the person come and show you thier ID (yeah right!). They suggest getting information about the user and leaving the password on the person’s voice mail – (most likely they haven’t forgotten that password!). Hopefully all the users have a phone and don’t write the phone mail password on or by their phones (like here!).
      -Rachel

    • #3847730

      Help!! I forgot my password!!

      by jasontik ·

      In reply to Help!! I forgot my password!!

      Send the password to their e-mail address

    • #3699697

      Help!! I forgot my password!!

      by mike emeigh ·

      In reply to Help!! I forgot my password!!

      This question was closed by the author

Viewing 6 reply threads