Security Basics mailing list archives

Re: How to authenticate an user via telephone?

From: Scott_Miller () progressive com
Date: Thu, 5 Dec 2002 12:58:21 -0500


We use a automated process at Progressive to reset password.
Voice Vault is the company who make it.
The user calls a number and then repeat a series of numbers in different
order for the voice recognition.
The software then changes the password and then tells the user.



                                                                                                                        
              
                      "Marc Cuypers"                                                                                    
              
                      <m.cuypers@pando         To:      <security-basics () lists securityfocus com>                    
                 
                      ra.be>                   cc:                                                                      
              
                                               Subject: Re: How to authentificate an user via telephon?                 
              
                      12/04/2002 12:44                                                                                  
              
                      PM

Hello colleauges,

imaging the following situation:

User calls the helpdesk to reset/alter some kind
of account-password (NT, RAS, PKI-PIN ...) and you
has to determin wheter the user is the correct
(owner of the account) user. What would you do
to authentificate the users identity?

What are good methodes to do this? It should be
easy for the user but secure for the administration.


Robert

Helpdesk calls user back at a known telephone number (could be a mobile
number).

Marc

Current thread:

Re: How to authenticate an user via telephone? Scott_Miller (Dec 05)