Solution C

Submitted by jjanssen on Fri, 03/05/2004 - 10:00. Password Reset

Option C is Option A & B Combined.

I have a few general comments regarding both solutions. I like that Solution A is pulling data from both IFAS and OpenLDAP. Unfortunately if you found a persons ID card and went on line and paid $20 for their SSN or just pulled it from IFAS you could reset their password. I like that Solution B includes a re-engineered challenge question because this would be the toughtest of all of the data to gather on the person, if the challenge questions are strong enough. I don't like that all of the data can be pulled from one system. My recommendation is a combination of the two solutions. I think we should add last four of SSN to Solution A.

Also, I think we need to add some protection against script attacks. Possibly the random JPEG word entry that ticketmaster.com uses?

-- Darren Flynt

Solution B