The CCNI challenge word is an single word identifier known only to the user that can assist in confirming his/her identity when performing security related changes i.e. password resets, firewall rule changes, etc. As of August 20, 2013, all users are required to have a challenge word stored in their CCNI profile.
- New users filling out the online registration form will provide a challenge word as part of their profile.
- Existing users can provide a challenge word either using the web form or the command
Once set, a challenge word can not be changed or reset without CCNI staff verifying an individual's identity by some other means.
Choosing a challenge word
A challenge word should be a single word that is unique and easy to remember but hard for others to guess.
Examples of good challenge words:
- If you are a gardener, tomato may be a good challenge word.
- If you enjoy reading, library may be a good challenge word.
Examples of bad challenge words:
- If you work for RPI, rensselaer is *not* a good challenge word. (Too easy to guess.)
- Your favorite color (yellow) or your favorite drink (coffee). (Not unique enough.)
Upon creation, a user's challenge word is hashed and stored along with her/her profile. It can not be recovered or known to another user or CCNI staff. This means that the original word should exist only inside the user's head.
The challenge word will be used as part of user-initiated security changes such as setting up TOTP/two-factor authentication or resetting a password. The challenge word should *never* be shared with anyone as doing so compromises the security of the associated accounts.