-
Created by
Mary Dunker, last updated by Greg Kroll on May 04, 2010
2 minute read
Self-service password reset project for PIDs and Hokies kickoff Meeting
May 27, 2008
Attendees:
Joyce Landreth
Rhonda Randel
Kevin Rooney
Marc DeBonis
Daniel Fisher
Kim Homer
Ken McCrery
Susan Brooker-Gross
Phil Benchoff
Karen Herrington
Dean Kirstein
Greg Kroll
Mary Dunker
Absent: Brad Tilley
Laurel Neidigh
The agenda for the meeting was to review the draft IT Low Risk Project Form and Budget Worksheet. Project sponsors were confirmed:
4Help, with Joyce Landreth as representative and Dean Kirstein as backup.
IRM, with Rhonda Randel and Karen Herrington representatives.
Project Manager, Mary Dunker will handle paper work and facilitate meetings with assistance from Greg Kroll as needed.
Technical Project leaders: Daniel Fisher, Kevin Rooney, Marc DeBonis, Ken McCrery, with testing and usability input from SETI Test and Deployment (Kim Homer & Laurel Neidigh.)
Susan Brooker-Gross will lead communication and marketing efforts to the user community. A security review of the project will be requested to be performed by the IT Security Office.
Challenge Question/Answer pairs are currently required for guest access to the wireless network, so we should learn from the research done by Brian Early, CNS. Phil Benchoff will help assist in identifying peope from CNS to discuss their experiences with a subset of those in attendance today. Kim Homer shared informaton from Laurel Neidigh's research into what other universities are doing with challenge/response:
Per Laurel:
Tufts University
It has the option of choosing among 5 given security questions, or creating your own. I think having the additional option to create your own question makes it much more secure, rather than having questions that anyone could easily find the answer to such as your Mother's maiden name, or High School mascot, etc.
This pdf file shows very clearly each step of the process.http://uit.tufts.edu/downloads/PassResetTips.pdf
The University of North Carolina Greensboro https://banweb.uncg.edu/prod/hwzksspr.P_UncgSSPR
Villanova University Uses email ID and birth date to get to security questions http://vuauth.villanova.edu/vusecurity/passwordSelfReset
Kevin Rooney offered this link to http://sunset.usc.edu/csse/research/COCOMOII/cocomo_main.html for estimating costs and schedules for development projects.
Mary will update the draft low risk project form and budget and post to the NI&S and Middleware Wikis. (See attachments referenced on parent page.)