Security Basics mailing list archives
Re: How to authentificate an user via telephon?
From: Richard Caley <rjc () interactive co uk>
Date: 04 Dec 2002 18:55:02 +0000
In article <BBENJKHLDJKKOGPHEIOEKEGLCIAA.rsieber () web de>, Robert Sieber (rs) writes: rs> User calls the helpdesk to reset/alter some kind rs> of account-password (NT, RAS, PKI-PIN ...) and you rs> has to determin wheter the user is the correct rs> (owner of the account) user. What would you do rs> to authentificate the users identity? One from my bank: you send them paper mail with a temporary security code in it, they have to call within N days and tell you the code, then you accept they are who they say they are. For paranoia, you need to disguise the paper mail so it is less likely to be intercepted. One stage further, send them paper mail to home and office, they have to get both. Or, not very secure but has someone else do the hard work: have them pay you some trivial amount of money by (registered) credit card, with all the checks available from the CC issuer (id number on the back of the card etc). People will lose any id object you give them, or allow it to be lifted and never notice/report it, but are a bit more paranoid about their credit cards. If you are nice you might then refund the money (minus the CC company handling charge), if you aren't you treat it as a fine for losing their password. -- Mail me as MYFIRSTNAME () MYLASTNAME org uk _O_ |<
Current thread:
- Re: How to authentificate an user via telephon?, (continued)
- Re: How to authentificate an user via telephon? Brad Arlt (Dec 04)
- Re: How to authentificate an user via telephon? Muhammad Naseer Bhatti (Dec 05)
- Re: How to authentificate an user via telephon? Brad Arlt (Dec 05)
- Re: How to authentificate an user via telephon? Muhammad Naseer Bhatti (Dec 05)
- Re: How to authentificate an user via telephon? Gene Barlow (Dec 05)
- Re: How to authentificate an user via telephon? Valter Santos (Dec 05)
- Re: How to authentificate an user via telephon? Gene (Dec 06)
- Re: How to authentificate an user via telephon? Valter Santos (Dec 05)
- RE: How to authentificate an user via telephon? Burton M. Strauss III (Dec 05)
- Re: How to authentificate an user via telephon? James W. Meritt (Dec 05)
- Re: How to authentificate an user via telephon? Marc Cuypers (Dec 05)
- Re: How to authentificate an user via telephon? J . Reilink (Dec 05)
- Re: How to authentificate an user via telephon? Richard Caley (Dec 05)
- Message not available
- Re: Switch and Hub Testing Project Julian Young (Dec 09)
- Re: How to authentificate an user via telephon? Brad Arlt (Dec 04)
- RE: How to authentificate an user via telephon? Bent.Mathiesen (Dec 04)
- Re: How to authentificate an user via telephon? Torsten Mueller (Dec 05)
- Re: How to authentificate an user via telephon? Margles Singleton (Dec 04)
- RE: How to authentificate an user via telephon? Champion, Steve (Dec 04)
- RE: How to authentificate an user via telephon? Valter Santos (Dec 05)
- RE: How to authentificate an user via telephon? Brian Cook (Dec 05)
- RE: How to authentificate an user via telephon? Schuler, Jeff (Dec 05)
- RE: How to authentificate an user via telephon? McLaughlin, Bryan (Dec 05)
- AW: How to authentificate an user via telephon? Robert Sieber (Dec 05)