Attendees:
- Joyce Landreth
- Dean Kirstein
- Phil Benchoff
- Daniel Fisher
- Mary Dunker
- Susan Brooker-Gross
- Frank Galligan
- Ismael Alaoui
- Marc DeBonis
- Kimberley Homer
- Wayne Donald
- Kevin Rooney
- Pat Rodgers
- Karen Herrington
The documentation that was posted since the November 9 meeting was discussed. The schools that responded to Marc's poll have implemented a self-service password reset service using challenge/response. Our Help Desk handles about 7000 resets per year at a cost of $18 per reset, or $126,000 in total. Over 90% of the resets are probably for PID passwords.
For any system, we would need to track the Level of Assurance (LOA) of the credential used to reset the password. PDCs on eTokens could be used to reset PID or Hokies passwords because the eToken has a higher LOA than either the PID or the Hokies credential.
Susan will post her list of which types of access are granted by each credential: PID, Hokies, PDC on eToken.
Frank and Ismael summarized the document on eToken password resets.
The question arose of whether we were satisfied with a level of security "as good as what we have now" for password resets by 4Help. We would like a more secure method.
Mary asked several questions, and the group reached consensus that:
- Logging in with PDC on eToken is sufficiently secure to reset PID and Hokies passwords.
- It is possible to build a system that will allow PID and Hokies passwords to be reset in a manner that is "secure enough."
- The method that is used for resetting PID passwords can also be used to reset Hokies passwords.
Mary and Wayne will discuss next steps.