General discussion
-
CreatorTopic
-
February 7, 2001 at 7:02 am #2109375
Help!! I forgot my password!!
Lockedby mike emeigh · about 21 years, 11 months ago
This question is directed primarily to Net ADMINS FOR networks that connect multiple sites, where they have little face-to-face contact with their user base:
Suppose you receive a request to reset a password from a user who claims to have forgotten his password. What procedures and policies do you have in place to ensure that the person making the request is actually the user?
— MWE
Topic is locked -
CreatorTopic
All Comments
-
AuthorReplies
-
-
February 7, 2001 at 10:23 am #3843638
Help!! I forgot my password!!
by marty_r · about 21 years, 11 months ago
In reply to Help!! I forgot my password!!
Mike,
Looking for the “politically correct” answer to cut and paste into a manual or the “common sense” answer to live with and hopefully not compromise your network in the process? After 16 years of Sys Admin work in various corporate, military, etc. environments, I have yet to see something on paper that will cover the subject to everyone’s satisfaction. When in doubt, use common sense, listen to the user(s), notice voice (uncomfortable, rushed, etc.), DO NOT JUMP ONTO A KEYBOARD to perform “your magic”! Take information regarding user id, phone number, etc. and defer problem to another admin -however, if you ARE the only admin, explain that you are in the middle of an extremely important project, meeting, resolution to a network problem (whatever, to buy some time and slow the process down a little). This activity allows you to think through some things; what kind of activity has been going on on your network? What do the log files say about the last days activity (providing that they aren’t compromised already!), did you see anything strange in your daily check of your servers? Do you need to get together with another Sys Admin and review the above questions? COMMON SENSE!! Build it into your “daily” routine and sometimes it even starts to make sense after a while. Hope this rambling helps – Good Luck in your endevour :>)
-
March 12, 2001 at 1:28 am #3699700
Help!! I forgot my password!!
by mike emeigh · about 21 years, 10 months ago
In reply to Help!! I forgot my password!!
Poster rated this answer
-
-
February 8, 2001 at 1:25 am #3844310
Help!! I forgot my password!!
by purple713 · about 21 years, 11 months ago
In reply to Help!! I forgot my password!!
To answer your question:
Here are some procedures that I follow:1. Ask for the user name
2. Extension of the phone
3. Room Number
4. Ask for his director’s name (if the user stumbles, you know that something is wrong.) Explain to the user that is for security measures5. Call the person’s Director to see if that user is in fact in the office. (Always helps.)
-
March 12, 2001 at 1:28 am #3699701
Help!! I forgot my password!!
by mike emeigh · about 21 years, 10 months ago
In reply to Help!! I forgot my password!!
Poster rated this answer
-
-
February 8, 2001 at 3:26 am #3844213
Help!! I forgot my password!!
by mike emeigh · about 21 years, 11 months ago
In reply to Help!! I forgot my password!!
To Marty R:
I am looking for a “common sense” answer. I’m really more interested in what others are really doing, rather than anything that might be “politically correct” but isn’t likely to be followed in practiuce.
-
February 8, 2001 at 10:33 am #3850225
Help!! I forgot my password!!
by mfitch · about 21 years, 11 months ago
In reply to Help!! I forgot my password!!
I’ve gotten flack for trying to implement here (it worked great at my last company), but requiring the user’s supervisor to authorize the reset via email serves to both authenticate the request AND deters the users from making multiple stupid mistakes with there passwords.
It may also alert the area supervisor to possible security compromises in their area.
One day….
-
March 12, 2001 at 1:28 am #3699702
Help!! I forgot my password!!
by mike emeigh · about 21 years, 10 months ago
In reply to Help!! I forgot my password!!
Poster rated this answer
-
-
February 14, 2001 at 8:26 am #3833132
Help!! I forgot my password!!
by rachel_s · about 21 years, 11 months ago
In reply to Help!! I forgot my password!!
Mike –
Read an article once (here I think?) that discusses this topic. You could implement security cards and readers (expensive and can be lost) or have the person come and show you thier ID (yeah right!). They suggest getting information about the user and leaving the password on the person’s voice mail – (most likely they haven’t forgotten that password!). Hopefully all the users have a phone and don’t write the phone mail password on or by their phones (like here!).
-Rachel-
March 12, 2001 at 1:28 am #3699698
Help!! I forgot my password!!
by mike emeigh · about 21 years, 10 months ago
In reply to Help!! I forgot my password!!
Poster rated this answer
-
-
February 21, 2001 at 7:48 am #3847730
Help!! I forgot my password!!
by jasontik · about 21 years, 11 months ago
In reply to Help!! I forgot my password!!
Send the password to their e-mail address
-
March 12, 2001 at 1:28 am #3699699
Help!! I forgot my password!!
by mike emeigh · about 21 years, 10 months ago
In reply to Help!! I forgot my password!!
Poster rated this answer
-
-
March 12, 2001 at 1:28 am #3699697
Help!! I forgot my password!!
by mike emeigh · about 21 years, 10 months ago
In reply to Help!! I forgot my password!!
This question was closed by the author
-
-
AuthorReplies