>> Sphinx

Status
In design.

Synopsis
Sphinx is a system for question-based identity recovery.

After an electronic identity (handle) has been bound to a user, it is not unheard of for the user to forget the password attached to this identity. The typical scenario following such an event requires the user to visit an accounts office and present positive identification, after which the password is reset to a default or the user is able to select a new password.

An alternative approach is to provide additional authenticating information at the time the identity is bound to the user. In the event of a forgotten password, the user may authenticate using this additional information and, if successful, select a new password. This approach has been adopted by a number of organizations, although there does not yet seem to be a standard mechanism.

The intent of the Sphinx project is to develop a self-service identity recovery system. Following is the proposed Sphinx scenario:

  1. User establishes identity. The mechanism is not important here, and may include presenting photo identification, responding to questions about secrets the system knows about the user, providing a credit card to purchase an account, and so forth. Note that users may have already established their identity before the deployment of this service.

  2. User provides additional authenticating information. The user provides answers to one or more questions: from a preset list, of their own choosing, or both. The specific questions and formatting remain to be researched; there do not appear to be well-accepted standards. The storage of these questions and answers also remains to be researched; information that is the potential equivalent of a Kerberos password may need to be stored in an equivalently secure manner (possibly in the KDC itself).

  3. User forgets password. Upon visiting the Sphinx interface, the user is prompted with the question or questions selected in the previous step. A certain number of answers must be provided to successfully authenticate; the specific number remains to be researched. Upon successful authentication, the user is prompted to select a new password. Additionally, the user may be prompted to select new questions. Upon failed authentication, a security alert should be raised.

Successful responses to the questions will not provide the user with his or her original password -- there is no key escrow. Additionally, the user's password is not "reset". Instead, the user has once again been bound to his or her electronic identity (with an assurance that depends on the strength of the questions selected), and so may immediately select a new password.
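
A sketch of steps 2 and 3, added here as an illustration and not part of the Sphinx design or code: answers are stored only as salted, slow hashes (so the store holds nothing that can be escrowed back to the user), a threshold of correct answers is required, and a failed attempt records an alert. The function names, the threshold of 2, and the use of PBKDF2 in place of the unspecified "equivalently secure" storage are all assumptions.

```python
import hashlib
import hmac
import os
import unicodedata

REQUIRED_CORRECT = 2   # assumed threshold; the page leaves the number open
ITERATIONS = 100_000   # constructed PBKDF2 work factor; tune for deployment

def normalize(answer):
    """Fold Unicode form, case and whitespace so ' REX ' matches 'Rex'."""
    folded = unicodedata.normalize("NFKC", answer).casefold()
    return " ".join(folded.split()).encode("utf-8")

def hash_answer(answer, salt):
    """Salted, slow hash: answers are stored like passwords, never in clear."""
    return hashlib.pbkdf2_hmac("sha256", normalize(answer), salt, ITERATIONS)

def enroll(answers):
    """Step 2: map each question to (salt, digest)."""
    store = {}
    for question, answer in answers.items():
        if not normalize(answer):
            raise ValueError("empty answer for: " + question)
        salt = os.urandom(16)
        store[question] = (salt, hash_answer(answer, salt))
    return store

def recover(handle, store, responses, alerts):
    """Step 3: True if enough answers match; otherwise record an alert."""
    correct = 0
    for question, (salt, digest) in store.items():
        # Hash every enrolled question, answered or not, so the work done is
        # the same whichever were attempted; compare in constant time.
        candidate = hash_answer(responses.get(question, ""), salt)
        correct += hmac.compare_digest(candidate, digest)
    if correct >= REQUIRED_CORRECT:
        return True   # caller now lets the user choose a new password
    alerts.append({"handle": handle, "event": "recovery_failed",
                   "correct": correct, "required": REQUIRED_CORRECT})
    return False
```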

Implementation of a Sphinx system may be completely independent of both the existing and new ID systems, or may be loosely or tightly integrated. The requirements of Sphinx are a storage mechanism to hold the questions and answers, and the ability to change Kerberos passwords. Both of these requirements are potentially independent of the ID system. However, additional features that may be desirable, such as creation of history entries and "seamless" transition to the Sphinx interface, may require some integration.

Documents

History
12 February 2002: Initial planning began.