Self-Service Password Resets

March 11, 2008 Attendees:

Wayne Donald
Kim Homer
Ismael Alaoui
Frank Galligan
Phil Benchoff
Mary Dunker
Susan Brooker-Gross
Pat Rodgers
Daniel Fisher
Steve Warrick
Carol Cornish
Karen Herrington
Dean Kirstein
Ken McCrery 

Self-Service pwd reset projects will move forward, based on Wayne and Mary's discussions. 

PID renewals:

Wayne gave overview of renewal project plans, separating into several projects.  If a someone fails to renew their PID, depending upon how the PID is disabled and when, a person might regain access to the PID, but would need to reset their password. Karen wants address dormant PID accounts first, to try to eliminate them. 

Mary: We have a need to address a security problem with compromised PID passwords that the e-mail team has noticed. Currently, these passwords are being reset one at a time, but there may be plans for a batch disabling of the PIDs with weak passwords. If a user's account is disabled because it has a weak password, the owner will need to create a new password. Depending on how the PIDs and passwords are treated, the owner may not be able to reset their password without calling 4Help. If we already had the self-service reset tool in place, it would make things easier on the help desk. However, neither PID renewal nor PID disabling due to weak password will be dependent upon the self-service password tools being ready.

There was some discussion of whether to treat self-service password resets for PIDs and Hokies as separate projects. We agreed that they would be one project. Mary will ask Joyce Landreth to sponsor the project for resetting PID and Hokies passwords.

Susan pointed out that the PMA would be an appropriate sponsor for the eToken remote password reset tool. This will be addressed when the PMA meets to determine whether or not a remote reset will be done.

Next steps:

  • Confirm sponsorship (s).
  • Start meeting to gather and document requirments for the PID/Hokies tool.
  • No labels