Looking for best practices on password recovery

Inevitably, when we discuss “loosely coupled” approaches with educational institutions, the conversation inevitably turns to “security and authentication” issues. But really, often what is meant is “those nasty web 2.0 tools won’t single sign-on to my [monolithic, obscure] campus login system, so what are we to do?”

The last time I was in this conversation, Brian Lamb made the simple but inspired observation that a huge portion of the problems single sign-on “solves” could be more easily handled with just a simple password recovery process, and challenged the educators in the room to think about how easy it was to retrieve a lost password on their current institutionally provisioned systems (any misstatement here is my own, Brian please correct me if I got this wrong). There was widespread murmuring to the effect that he had a point.

But which raised this question – can someone point me to what the best practice is for recovering a password? Asking for username comes with one set of problems, asking for email address another. I’m sure someone’s already looked at this extensively – lazyweb, help me out! – SWL

My Recent OpenID Preso

http://www.slideshare.net/sleslie/open-id/

Somehow I think this is likely of limited value if you are reading this blog. I don’t think I really know that many people who don’t know what OpenID is or why we in higher ed should be paying attention to it. But when I gave this talk during an ‘student authentication’ session at the recent WCET conference in Atlanta, a scant 2 people in a room of 50 put their hands up when asked if they had heard of OpenID. So maybe there’s still some folks who might find this useful. Anyways, here it is, hope it helps. (As an aside, I was presenting alongside some scary biometrics ‘1984’ remote proctoring tech in a session entitled “Student Authentication: Do You Know Who is in Your Classroom?” My joke, which I didn’t dare make to the crowd, was that I thought the session was titled “OpenId – Are students still the same people when they are in your classroom?”) – SWL