Jer

User Authentication / Verification

Greetings,

We're looking to change our network password change policy to a more-or-less standard MS best practice.  As a result, we, the IT department, will no longer know user passwords.  The problem is that previous passwords were a means of user identification/verification/authentication.  Thus, we need a new method.  We had proposed using the last 4 digits of the user's SSN, but that was rejected.  I do see that there are some software/application solutions out there.  However, I'd like to see what other people/companies are doing.  Anyone have a recommendation?  I tried to do a search, but the results were all over the place and not related.

Thanks,

Jer.
Active Directory, Security

Vampireofdarkness

Why do you need to know a user's password? The whole point in a password is so that one user has access and no one else does - what good is tracking if multiple people use the account?

If you need access to the account, for whatever reason, you could either ask the user to log in, or if they are on long term sick, reset their password, log in to do whatever, then set their password to be changed at next login.

In my company, a user chooses whatever password they want. If I need to do something, I go on as an admin account or if the user is having issues, I'll have them log in so I can see the issue. This can be worked around with Remote Assistance, but that isn't always practical.

Phiwi Moyo

A simple solution I used was: user@company for all the users except the management.
I agree, the IT should not know the user's password, the point of accountability fails; the password was only known to you therefore we have come to the conclusion that the following activity was performed by you.

Now the user can claim that the IT must have used his account, I know this is an extreme case but it could happen at the most unlikely of times.

Mike Thomas

You can verify users as simply as calling them back on a known telephone number or getting the reset request emailed by a line manager or a combination of both, or you could just get to know the users, have them pop in face to face (difficult with large multi site companies I know but I have never known a large multi site company to use a password policy like you are using).
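
The callback and line-manager checks suggested in the replies above, combined with the reset-then-force-change step, sketched as a PowerShell helper. This is an added example, not part of any participant's post; it assumes the RSAT ActiveDirectory module and that `telephoneNumber`, `mobile` and `manager` are kept current in AD, and the function names are hypothetical.

```powershell
# Added example (not from the thread). Function names are hypothetical.
Import-Module ActiveDirectory

function Get-ResetCallbackInfo {
    # Return contact data of record from AD; never call back on a number the caller supplies.
    param([Parameter(Mandatory)][string]$SamAccountName)
    $u = Get-ADUser -Identity $SamAccountName -Properties telephoneNumber, mobile, manager
    $mgrMail = $null
    if ($u.manager) { $mgrMail = (Get-ADUser -Identity $u.manager -Properties mail).mail }
    [pscustomobject]@{
        User        = $u.SamAccountName
        OfficePhone = $u.telephoneNumber
        Mobile      = $u.mobile
        ManagerMail = $mgrMail
    }
}

function New-TempPassword {
    # 64-character alphabet, so (byte % 64) is unbiased.
    $chars = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!#'
    $rng   = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $bytes = New-Object byte[] 16
    do {
        $rng.GetBytes($bytes)
        $pw = -join ($bytes | ForEach-Object { $chars[$_ % 64] })
        # Retry until lower, upper and digit are all present (AD complexity rules).
    } until ($pw -cmatch '[a-z]' -and $pw -cmatch '[A-Z]' -and $pw -match '[0-9]')
    $pw
}

function Reset-VerifiedUserPassword {
    param(
        [Parameter(Mandatory)][string]$SamAccountName,
        # How the operator verified the requester, recorded for accountability.
        [Parameter(Mandatory)][ValidateSet('Callback', 'ManagerEmail', 'Both')][string]$VerifiedBy
    )
    $temp   = New-TempPassword
    $secure = ConvertTo-SecureString $temp -AsPlainText -Force
    Set-ADAccountPassword -Identity $SamAccountName -Reset -NewPassword $secure
    # IT knows the password only until the user's next logon.
    Set-ADUser -Identity $SamAccountName -ChangePasswordAtLogon $true
    [pscustomobject]@{
        User = $SamAccountName; VerifiedBy = $VerifiedBy; Operator = $env:USERNAME
        TimeUtc = (Get-Date).ToUniversalTime(); TempPassword = $temp
    }
}
```

The operator runs `Get-ResetCallbackInfo`, rings the number of record, and only then runs `Reset-VerifiedUserPassword`, reading the temporary password out during that callback and keeping the rest of the returned record (without the password) as the audit entry.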


Jer

ASKER

Um.  There seems to be some considerable confusion here.  I do not want to know passwords.  That is the reason for the change in practice.  However, as stated, since we did know previous passwords, we were able to use them to verify a caller.  Thus, I'm looking for suggestions for a way to verify the caller (without having to manufacture a secret question for each user).  We have over 400 users in 14 states, and most are mobile.  Again, the sole purpose of this inquiry is to identify what people are doing in the real world to address user verification for password resets.

Thank you,

Jer
electronic id or sso pass could be great, no?
unique id with specific hash they plug on demand to verify...
ASKER CERTIFIED SOLUTION
Javedtariq
Jer

ASKER

Due to the additional research, I've delayed this project a bit.  Still considering options.
SOLUTION
Jer

Jer

ASKER

Sorry for the delay in closing this question.  Javed, thanks for the suggestions.  While I didn't use them (directly), at least you attempted to answer the question with pertinent/realistic information.
Javedtariq

Thanks