Here's one for ya. For background, students at my school get four different computer accounts that initially, are all set to the same password but if they change their passwords within either of them, it only affects that specifc account, not the others. To assist with this potential for confussion, last year we rolled out a password reset tool that will change all four passwords to a single, user selected password at once.
The initial setup of the reset tool requires the student to select three questions and provide answers to them. Upon using the tool, the student is presented with these three questions and upon successfully replying to all, they can change their passwords.
Today, a student came to me saying he couldn't get into one of his accounts so I reminded him of the reset tool. He disappeared for a few minutes then returned mentioning that he forgot the answers to the questions.
Is this okay?
Should he get a free pass or does he need to be reminded that the purpose of the tool is for security and the idea is to select questions and answers that are easy to remember?
I know first hand how many passwords we are overwhelmed with in the modern world and I can't say that I've never forgotten a password.
What are your thoughts?