4 Replies Latest reply on Jan 13, 2009 1:07 PM by CClev

    Offline Self-Recovery

      Hi All,
      Just been looking at whats new in build 5500.
      I noticed one major new feature is offline self-recovery.

      I'm guessing this is something along the lines of the user selects additional questions/answers to their profile, and if they do forget their password, they can use this to reset it? Is that correct?

      Has anyone actually had a chance to play around with this yet? Thoughts?

      Thanks.
        • 1. RE: Offline Self-Recovery
          I like it, but then I'm a security guru.

          The safety and usefulness is arguable both ways - an attentive user will give solid answers to their questions in a way which is not easily guessed, an inattentive user will give simplistic answers that are easy for a hacker to determine.

          So, do you trust your users to set it up appropriately, or are they going to give the answer "Monday" to every question?
          • 2. RE: Offline Self-Recovery
            The questions are configurable though, right? So all you would need to do is construct a single highly complex question that requires the user to type a similarly complex answer. Something like... "Describe the benefits of encryption using fifteen words or less."
            • 3. RE: Offline Self-Recovery


              Your user's forgotten the password they use EVERY DAY, what chance is there of them remembering a set of answers they entered months ago? :eek:
              • 4. RE: Offline Self-Recovery
                I was looking for some additional info on how the user self-reset works, as far as "policies" go... I checked the EndPoint Encryption Admin Guide for PC but didn't find much in there. Is there a way to configure the user self-recovery policy such that x number of failed questions will result in the account disabling, or even the laptop disabling? I would love to use this feature but can't convince Security to allow it without some additional safeguards. sad