As of today, April 5, if you have Duo installed and forget your Onyen password, you can use Duo to reset your password at onyen.unc.edu. Duo confirmation replaces the challenge questions.
ITS changed how passwords are reset to simplify the process for the campus community and to increase identity security.
Reset password anytime
If you ever had to reset your password, you recall how resets previously were conducted. Remember the questions you answered about yourself when you set up your Onyen? If you forgot your password and called the ITS Service Desk for help, support technicians had you answer those questions to prove that “you’re you” and safely reset your password.
That’s how password resets worked until ITS launched the new method last night.
You can now reset your password 24 hours a day, seven days a week. It doesn’t matter when you need to reset your password and if it’s outside of Service Desk hours because you’re using the two-factor authentication system to accomplish the reset yourself. It’s always available and it’s easier and faster.
2-step is more secure
Now what about identity security and those challenge questions? Everybody knows about and is familiar with challenge questions.
Over the years, you’ve used them to set up online banking and other online accounts. You’ve likely provided those answers to many sites. Those answers also may be easily discovered in public records and from what you’ve posted on social media.
That’s why the Information Security Office within ITS, national institutions and other groups no longer consider the security model safe enough. Current guidance says that resetting a credential needs to require strong proof of identity, such as two-factor authentication or confirmation that the person resetting the password has presented a government-issued ID.
The password reset using Duo 2-step verification project is a collaboration of several groups within ITS, including Identity Management, the Information Security Office, and Change Management.