The University of Toledo Information Technology Department is updating the password reset questions associated with UTAD accounts to make it more difficult for someone to research the answers and gain access to accounts.
Security questions to reset passwords are a common IT industry standard control, but the increased sharing of information through social networks can make it easier for someone to research the answers and gain access to individual accounts.
Your mother’s maiden name, for example, is easy to find out if she is your friend on Facebook, and a large number of people will answer Toledo for the city they were born, said Mike Lowry, assistant manager for information security.
To help make those password security questions more secure, the University’s IT Department has eliminated options for which the answer could be found elsewhere and added new questions.
UTAD account holders who previously had a security question that has been eliminated will be taken to a screen to choose a new question when they log in. IT also has added a warning that reads, “Please choose a question that is not answerable with researchable information (i.e. Facebook, etc.)” to further raise awareness.
Account holders can visit https://myUTaccount.utoledo.edu and log in using their UTAD username and password to see if they need to set a new password reset question.