Security Basics mailing list archives
AW: How to authentificate an user via telephon?
From: "Robert Sieber" <rsieber () web de>
Date: Wed, 4 Dec 2002 19:50:54 +0100
Thanks for all replies! For me it ist a very hard question because I don't know where all of the up to 20.000 clients are located - there are also RAS users with tokens ode PKI chipcards. The other problem is that all clients are employed by bank institutes and so passwords are more critical than in other cases I thought about th following procedurs: - help desk has two telephone numbers - the client will get a call back from help desk Well, lets see. Robert
-----Ursprungliche Nachricht----- Von: bsm14096 () ad creighton edu [mailto:bsm14096 () ad creighton edu] Gesendet: Mittwoch, 4. Dezember 2002 18:43 An: Robert Sieber; security-basics () lists securityfocus com Betreff: RE: How to authentificate an user via telephon? Robert, In a past life we would send the new password to a known email address for the person whose account is reset. If email is not available we would leave the reset password on the users voice mail. Both systems would only be accessible by the person whose account is reset. If someone other than the owner of the account requests a reset, the account is still safe, assuming email and vmail are secure. Bryan -----Original Message----- From: Robert Sieber [mailto:rsieber () web de] Sent: Tuesday, December 03, 2002 12:50 PM To: security-basics () lists securityfocus com Subject: How to authentificate an user via telephon? Hello colleauges, imaging the following situation: User calls the helpdesk to reset/alter some kind of account-password (NT, RAS, PKI-PIN ...) and you has to determin wheter the user is the correct (owner of the account) user. What would you do to authentificate the users identity? What are good methodes to do this? It should be easy for the user but secure for the administration. Robert -- http://board.protecus.de - Firewalls, Security and more ...
Current thread:
- Re: How to authentificate an user via telephon?, (continued)
- Re: How to authentificate an user via telephon? Richard Caley (Dec 05)
- Message not available
- Re: Switch and Hub Testing Project Julian Young (Dec 09)
- RE: How to authentificate an user via telephon? Bent.Mathiesen (Dec 04)
- Re: How to authentificate an user via telephon? Torsten Mueller (Dec 05)
- Re: How to authentificate an user via telephon? Margles Singleton (Dec 04)
- RE: How to authentificate an user via telephon? Champion, Steve (Dec 04)
- RE: How to authentificate an user via telephon? Valter Santos (Dec 05)
- RE: How to authentificate an user via telephon? Brian Cook (Dec 05)
- RE: How to authentificate an user via telephon? Schuler, Jeff (Dec 05)
- RE: How to authentificate an user via telephon? McLaughlin, Bryan (Dec 05)
- AW: How to authentificate an user via telephon? Robert Sieber (Dec 05)
- RE: How to authentificate an user via telephon? Darryl W. Malcolm (Dec 05)
- RE: How to authentificate an user via telephon? Art Tarsha (Dec 05)
- Re: How to authentificate an user via telephon? Chris Berry (Dec 06)
- Re: RE: How to authentificate an user via telephon? Robert Sieber (Dec 06)
- RE: How to authentificate an user via telephon? mario . walter (Dec 06)
- RE: How to authentificate an user via telephon? Gary Turovsky (Dec 06)
- RE: How to authentificate an user via telephon? Mark Medici (Dec 06)
- RE: How to authentificate an user via telephon? Chris Berry (Dec 06)