Solution A
Submitted by jjanssen on Tue, 03/02/2004 - 15:12.
Password Reset
Assumptions
This solution assumes that we can easily gain access to IFAS data for authentication of identifiers.
Steps
- User selects "I forgot my password" link on udeupa login page.
- User prompted for for UID (Username), ApuIdNumber, and last four digits of social security number.
- Verify submitted data against LDAP and IFAS.
- If passes verification, user may reset password in accordance with the password strength policy.
Questions
- Should password be reset to random string, or should user be able to reset to new password of their choosing?
- Does asking for Social Security Number violate FERPA? (skohrman looking into this).
» printer-friendly version | login to post comments
