#3319 [RFE] Allow life questions to reset your password
Opened 11 years ago by dpal. Modified 7 years ago

People forget passwords from time to time.
Some systems provide a way to change passwords without involving help desk admin. This is an RFE to change passwords without requiring admin to reset it on your behalf.

Thoughts about what use cases and workflows need to be supported:
1. Administrator decides to enable this feature. There should be a way for him via UI and CLI to:
- Enable or disable feature for all, some group(s) of users or specific users
- Set the list of the values that each user must have. For example each user has a badge ID printed on the user badge. Each user can have a cube number or some other piece of information that is internal to the company that user knows. The admin himself might not know all these values and might not be able to populate this data in advance.
- Set number of the user defined questions that need to be populated by user.
- Select a subset of, or extend, the default list of life questions the user can choose from.
- Define system wide policies around answers to the questions, for example, the minimal length of the answer, case sensitivity of answers etc.
- See which users have populated their life questions.
- Get notified if someone resets a password using life questions.
2. User accessing self service should be able to:
- Set up the life questions for himself
- Test authentication with life questions
3. User accessing web UI without ticket and not remembering his password should be able to:
- Indicate that he forgot his password
- Go through the series of prompts that would ask for life questions
- Be brought to the password change prompt
- Be brought to the original screen to use the new password
Note: In the future, when we allow native OTP authentication and the password is used as a PIN (one of the OTP use cases), the procedure would just change the PIN and would not log the user in, but rather require him to re-authenticate with the changed PIN and the token he is supposed to have. This is why I suggest bringing the user to the original screen rather than automatically logging him in, but this is debatable.
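The following is an added illustration, not FreeIPA code and not part of the ticket, of how the answer policy described in point 1 (minimal answer length, case sensitivity) and the "test authentication" step in point 2 could be enforced server-side. All class and function names are assumptions. Answers are treated exactly like passwords: normalised according to the policy, stored only as a salted PBKDF2 hash, checked with a constant-time comparison, and gated by a per-user attempt limit (the limit itself is an assumption, not something the RFE asks for). The sample questions and answers are constructed.

```python
"""Hypothetical 'life question' enrolment and verification (added example, not FreeIPA code)."""
import hashlib
import hmac
import os
import unicodedata
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass(frozen=True)
class AnswerPolicy:
    """System-wide policy from the RFE: minimal length and case sensitivity.
    max_attempts is an assumed lockout threshold, not part of the RFE."""
    min_length: int = 4
    case_sensitive: bool = False
    max_attempts: int = 5


class PolicyViolation(ValueError):
    """Raised when an answer does not satisfy the AnswerPolicy."""


def normalize(answer: str, policy: AnswerPolicy) -> str:
    """Canonicalise an answer so harmless variation ('Maple  Ave' vs 'maple ave')
    does not lock the legitimate user out: Unicode NFKC, whitespace collapse,
    optional casefold. The minimum length is enforced after normalisation."""
    text = unicodedata.normalize("NFKC", answer)
    text = " ".join(text.split())
    if not policy.case_sensitive:
        text = text.casefold()
    if len(text) < policy.min_length:
        raise PolicyViolation(f"answer shorter than {policy.min_length} characters")
    return text


@dataclass
class StoredAnswer:
    question: str
    salt: bytes
    digest: bytes


@dataclass
class UserRecovery:
    """Per-user recovery state: hashed answers plus a failed-attempt counter."""
    policy: AnswerPolicy
    answers: List[StoredAnswer] = field(default_factory=list)
    failed_attempts: int = 0

    @staticmethod
    def _hash(normalized: str, salt: bytes) -> bytes:
        # Same slow-KDF treatment a password gets; answers carry far less
        # entropy than passwords, so offline guessing must be made expensive.
        return hashlib.pbkdf2_hmac("sha256", normalized.encode("utf-8"), salt, 200_000)

    def enroll(self, question: str, answer: str) -> None:
        """Store a question with the salted hash of its normalised answer.
        Raises PolicyViolation if the answer does not meet the policy."""
        norm = normalize(answer, self.policy)
        salt = os.urandom(16)
        self.answers.append(StoredAnswer(question, salt, self._hash(norm, salt)))

    def verify_all(self, supplied: Dict[str, str]) -> bool:
        """Every enrolled question must be answered correctly in one attempt.
        Any mismatch, missing answer or policy violation counts as one failed
        attempt; once the attempt limit is reached, nothing is accepted."""
        if self.failed_attempts >= self.policy.max_attempts:
            return False
        ok = True
        for stored in self.answers:
            try:
                norm = normalize(supplied.get(stored.question, ""), self.policy)
            except PolicyViolation:
                ok = False
                continue
            # Constant-time comparison of the derived keys.
            if not hmac.compare_digest(self._hash(norm, stored.salt), stored.digest):
                ok = False
        if ok:
            self.failed_attempts = 0
        else:
            self.failed_attempts += 1
        return ok


def demo() -> bool:
    """Enrol two constructed answers and run the self-service 'test authentication' step."""
    rec = UserRecovery(AnswerPolicy(min_length=4, case_sensitive=False, max_attempts=3))
    rec.enroll("first street", "  Maple   Avenue ")
    rec.enroll("first pet", "Rex The Dog")
    return rec.verify_all({"first street": "maple avenue", "first pet": "rex the dog"})


if __name__ == "__main__":
    print("self-test passed" if demo() else "self-test failed")
```

Two design points worth noting: normalisation is applied before hashing at both enrolment and verification, so the stored digest and the supplied answer are always compared in the same canonical form; and all questions are checked before the result is returned, so a partially correct attempt does not reveal which answer was wrong.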


This is a bad idea from a security point of view. Instead of one password, there would be two (or more), and an attacker could choose the easier one to crack.

Badge IDs and cube numbers are a particularly bad example: how is this different than writing the password on a post-it note and sticking it to the monitor?

In the age of Facebook, traditional "life questions" tend to be frighteningly easy to answer.

I strongly agree with everything pviktori said. This is a misfeature that only gives a false sense of security. With these "security" questions, all you need to break into someone's account is a little bit of social engineering.

It is a convenience feature and people should be able to pick what they need. Life questions have been an industry standard for password recovery for a decade. Some are better, some are worse, some are actually pretty good. It all depends on the complexity of the questions and the ability to get the answers.
This is a valuable feature and IMO we should implement it eventually. The better the default questions we can come up with, the stronger the feature will be.

Metadata Update from @dpal:
- Issue assigned to someone
- Issue set to the milestone: Ticket Backlog

7 years ago
