Visit the new ACCC website! (beta)
ACCC Home Page Academic Computing and Communications Center  
Accounts / Passwords Email Labs / Classrooms Telecom Network Security Software Computing and Network Services Education / Teaching Getting Help
 

Setting Emergency Password Rescue Mechanisms -- The Details

     
 
     
Overview and URLs
 

You can register an Emergency Email Address or a Challenge/Response with the password change database for future use. Of course you will need to prove you have a valid password to register or change these rescue mechanisms, so if you don't register one or both before you forget your password, you're out of luck. So do it now, before you need it.

To register your Emergency Email Address for Challenge/Response, on the top of any ACCC Web page, including the home page (http://www.accc.uic.edu) and this one:
Click Accounts -> Click Here before you forget your password.
To use them, on the top of any ACCC Web page, including this one:
Click Accounts -> Help! I've forgotten my password!

  
     
Set Emergency Email Address
 
How Does Emergency Email Work?

On the Help! I've forgotten my Password! Web page, your type your netid in the box in the Or Use Emergency Email section and click the Send Rescue Info... button. Then we will send a special secret and a URL to your emergency address. You go to that URL and cut-and-paste the secret from the note (without any blanks at the beginning or the end) into the Web page and click Submit Secret. If the secret matches, you will be transferred to the ACCC password changing utility and you can change your ACCC password.

How Secure is Emergency Email?

Really, it's up to you. Don't give us an address that you consider insecure. And do be sure you can read the email without using the ACCC password you might forget. Don't tell other people about the account, don't tell them it's your Emergency Email account, and don't use an easily guessable password for it.

  
     
Set Challenge Response
 
How Does Challenge and Response Work?

On the Help! I've forgotten my Password! Web page, your type your netid the box in the Use Challenge/Response section, and click Change my Password.... In the next screen we give you your challenge question and a box for you to type your response reply and two boxes to type and retype your new password. Fill in all the boxes and click the Change Password Using Challenge Response button.

Be sure to pick a Good, Secure Response Phrase. It should be easy for you to remember, but hard for anyone else to guess, even for someone who knows you.

How About an Example?

Challenge:
What book did I drop into Fred's swimming pool?
And response:
A Tale of Two Cities
This is a good response -- it would be easy to remember and hard to guess, unless the all your friends where there when you dropped the book into Fred's pool or it's your favorite late summer remembrance story. There are lots of books and it's unlikely that anyone would guess the name. It would probably be better if it were misspelled in some way that you could remember.

How Secure is my Challenge/Response?
Anyone on the Internet can find out your Challenge phrase. And that same anyone can then make many guesses at your Response. We have to give out the Challenge phrase, not knowing who you are, because if we knew who you really are (i.e. if you still had your password), you wouldn't need our help changing your password! Thus, a Challenge like What is my spouse's name? is not very secure. (Unless, of course, the recorded response has nothing to do with your spouse's name! However, you'd better be sure you can remember your Response a year from now.) Also, a Challenge like What is my favorite color? is also not secure, even if no one knows your favorite color is red. Why? Because there aren't all that many colors to guess.
What Else?
The Response will be recorded as you type it. You must not forget your Response, or this service is useless. By all means, use oddball punctuation if you can remember it, because this makes it much harder to guess. However, we will squeeze out multiple spaces between words, because it's too hard to remember them.
How Should I Pick a Challenge/Response?
Carefully. You can use up to 250 characters in the Challenge, and 250 characters in the Response; the minimum is 15 characters for each. Using lots of characters helps keep the Response secure, so use a full phrase or sentence, perhaps with oddball punctuation. Pick the Challenge so it will easily remind you, but no one else, of what your Response is.
What if I have further questions?
Send questions or comments to www@uic.edu
 

2004-10-20  ACCC Consultants
UIC Home Page Search UIC Pages Contact UIC