Challenge word

From CCI User Wiki
Revision as of 10:23, 6 June 2014 by Toddr (talk | contribs)


The CCI challenge word is a single-word identifier known only to the user that can assist in confirming his/her identity when performing security-related changes, e.g. enabling one-time passwords, password resets, firewall rule changes, etc.

As of August 20, 2013, all users are required to have a challenge word stored in their CCI profile.

Setup

  • Existing users can provide a challenge word either using the web form or the command set-challenge-word on lp04.

Once set, a challenge word cannot be changed or reset without CCI staff verifying an individual's identity by some other means.

Choosing a challenge word

A challenge word should be a single word that is unique and easy to remember but hard for others to guess.

Examples of good challenge words:

  • If you are a gardener, tomato may be a good challenge word.
  • If you enjoy reading, library may be a good challenge word.

Examples of bad challenge words:

  • If you work for RPI, rensselaer is not a good challenge word. (Too easy to guess.)
  • Your favorite color (yellow) or your favorite drink (coffee). (Not unique enough.)

Use

Upon creation, a user's challenge word is hashed and stored along with his/her profile. It cannot be recovered by, or become known to, another user or CCI staff. This means that the original word should exist only inside the user's head.

The challenge word will be used as part of user-initiated security changes such as setting up TOTP/two-factor authentication or resetting a password. The challenge word should never be shared with anyone as doing so compromises the security of the associated accounts.
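The hashed storage described under "Use" can be illustrated with the following added example, which is not CCI's own code. It assumes salted PBKDF2-HMAC-SHA256, case-insensitive matching and a small reject list built from this page's "bad" examples; the function names, record layout and work factor are likewise hypothetical.

```python
import hashlib
import hmac
import os
import unicodedata

ITERATIONS = 600_000  # assumed work factor, not a CCI setting
# Constructed reject list taken from the "bad challenge words" on this page.
TOO_GUESSABLE = {"rensselaer", "yellow", "coffee"}


def normalize(word: str) -> str:
    """Canonical form: NFKC, trimmed, case-folded, exactly one word."""
    w = unicodedata.normalize("NFKC", word).strip().casefold()
    if len(w.split()) != 1:
        raise ValueError("challenge word must be a single word")
    if w in TOO_GUESSABLE:
        raise ValueError("challenge word is too easy to guess")
    return w


def _derive(word: str, salt: bytes, iterations: int) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", word.encode("utf-8"), salt, iterations)


def enroll(word: str) -> dict:
    """Return the record kept with the profile; the word itself is not stored."""
    salt = os.urandom(16)  # per-user salt: equal words give different digests
    digest = _derive(normalize(word), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "digest": digest.hex()}


def verify(record: dict, candidate: str) -> bool:
    """Check a word supplied during a security change against the record."""
    try:
        word = normalize(candidate)
    except ValueError:
        return False
    digest = _derive(word, bytes.fromhex(record["salt"]), record["iterations"])
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(record["digest"]))


if __name__ == "__main__":
    rec = enroll("Tomato")
    print(rec)                    # salt, iterations, digest only
    print(verify(rec, "tomato"))  # True
```

Because only the salt and digest are stored, staff can confirm a supplied word but cannot read it back, which is why a forgotten word requires identity verification by other means.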