Onyen Password Challenge Response System FAQs

1. What is the Password Challenge Response System?

The Onyen Password Challenge Response System is a service UNC provides for student, faculty and staff members who have forgotten their passwords and wish to reset them without physically coming to the IT Response Center or faxing over proof of identity.

The Response System requires you to initally set up three questions that are randomly generated by the system. For each of these questions, you must choose an answer that is unique to you. These questions can be used as a 'challenge' to your future password reset requests if you ever forget your password. The challenge questions basically are used to prove your identity before a new password is given. All that is required to sign into the system is an Onyen and PID number.

This system is intended mostly for those involved in distance education programs and other off-campus users.

2. How do I setup the Onyen Password Challenge Response System so that I can use it in the future?

Visit onyen.unc.edu and click on the Manage Passwords button.

Scroll down the page until you see the heading, Challenge-Response Password Resets . Click on the link that leads you to the Challenge-Response page.

Read all the directions carefully at the top of the page. When you scroll to the bottom of the page, you will see an option to Setup/Change/Disable Questions .

Click on that button.

Enter your Onyen and Password and then choose to set up the password.
You will then have the option of selecting from a random list of questions. Choose a question that you like and then put in your answer twice. You will have to fill out a total of 3 questions and 3 answers. After finishing the last question and answer, the system will indicate that it has saved your answers and it will send you back to the Onyen page.

3. I've forgotten my password. How do I use the system?

First off, remember that you can only use the password response system if you set it up PRIOR to forgetting your password. If you never set it up, then you will have to call 962-HELP or visit the IT Response Center directly to get your password reset. If you did set up the challenge-response system, then go to http://onyen.unc.edu and click on the Manage Passwords button.

Scroll down and click on the Challenge Response page link under the Challenge Response Password Resets section.

Scroll down the page and click on the Reset Password button.

Enter your Onyen and PID in the fields provided.
The system will then prompt you with the 3 questions you originally chose to use when you set up the system. Answer the three questions appropriately.
When you answer all three of the questions correctly, the system will ask you to enter in a new password twice. After doing so, press 'Okay'. Your password is reset!

4. I got an email saying that I tried to reset my password and failed. I didn't try to reset my password. What's going on?

Anytime someone (even you) tries to reset a password using the Challenge-Response system and fails to answer the response questions, an email is automatically sent to the owner of the Onyen notifying them of the attempt.

If you ever get an email saying that someone attempted to change your password and failed, then forward that email immediately to: security@unc.edu . The Network Security department will investigate the issue and try to find out who attempted to reset your password.

5. I forgot the answers I used when I originally set up the system. What do I do?

If you still know your password, then you can set it up again without knowing what you chose originally for your answers.

If you don't know your password, then you will have to contact the IT Response Center at 962-HELP for instructions.

6. I answered my questions wrong and the system kicked me out. How long will it be before I can try to change my password again?

One hour.

7. I am concerned that I will forget the answers to my questions. How can I safely store the answers in case I need to refer to them in the future?

Although it's always a physical security issue to write down your passwords, it's relatively safe to write down the answers to your challenge-response questions as long as you store them somewhere out of public view. Don't keep them on your desk or somewhere obvious. A safe or any place that requires a lock to open is ideal. If not, hide it somewhere relatively random but significant enough to you that you'll remember where you put it. Preferably, you want to choose questions that you already know the answer to - questions like Your father's middle name and The last 4 digits of your driver's license are good choices because the answers are static and never apt to change.

• Administrative (Remedy, Financial)
• Advanced Computing (Research, Statistics)
• Blackboard (Educational Technology)
• Campus Information (Calendars, Directories)
• Communication (Phones, Conferencing)
• Data Storage (Backup, Recovery)
• Email (Lists, Webmail)
• Networking (Wireless, VPN)
• Security (Policy, Viruses)
• Software (MS Office, Operating System)
• Support (Laptops, Printing)
• Web (Browsers, Web Design)