Challenge-Response Password Reset Option
If you forget your PennKey password, you can reset it online if you have chosen to enroll in Challenge-Response.
Although the term "Challenge-Response" may be unfamiliar, you may have used similar methods to reset forgotten passwords on other web sites. A user is asked to answer personal questions. Later, if the user can answer the same questions correctly, information is given about how to reset a forgotten password.
There are two applications associated with Challenge-Response:
- The Enrollment Application is used to initially enroll in Challenge-Response, to change your Challenge-Response settings, or to cancel enrollment in Challenge-Response.
- The Password Reset Application is used to reset your password online if you forget it.
How the Challenge-Response Applications Work
Enrollment Application. Log in to the Challenge-Response Enrollment Application using your PennKey and Password to authenticate. Provide answers to three personal information questions. You may return to the enrollment application at any time to change your questions and answers or to cancel your enrollment.
Password Reset Application. If you forget your PennKey password,
log in to the
Challenge-Response Password Reset Application using the last 4 digits of your SSN,
your date of birth, and your Penn
ID to authenticate. When your three questions are displayed,
confirm your identity by entering exactly the same answers you
provided originally. You will then be linked directly to the PennKey Registration site to reset your password.
Should you forget your answers to the personal information questions, you can reset your password by using a PennKey Setup Code obtained from a PennKey administration station or by calling the PennKey Setup Code Request Line.
Should I Use Challenge-Response?
Challenge-Response is a good option
- if you want the "anytime, anywhere" convenience of resetting your password online
- if you travel frequently
- if you think you are likely to forget your password
You should not participate in Challenge-Response if you have access to sensitive
information (e.g., student records, payroll, financial data).
Challenge-Response is not available to individuals with Non-Persistent
PennKeys.
How Secure Is Challenge-Response?
PennKey Challenge-Response has been designed with an eye towards
strong security:
- It requires correct responses to three separate questions, rather
than just one
- It does not ask questions frequently posed on other sites (such
as "What was your mother's maiden name?")
- It does not request biographical data which could be easily
obtained from other sources (such as "What city were you born
in?")
- Passwords are never transmitted as part of the Challenge-Response
process, so they cannot be intercepted.
|
