Security Basics mailing list archives
Re: How to authentificate an user via telephon?
From: Valter Santos <vsantola () devfusion net>
Date: 05 Dec 2002 17:55:10 +0000
Hello Gene, but that sollution will fail for a person-target attack... I can find with little effort the ssn & birthdate of a target person and pretend to be her/he. I suppose the callback sollution is better, althought as it flaws 8-( cheers, /valter On Wed, 2002-12-04 at 17:27, Gene Barlow wrote:
Robert, Currently, I'm in the process of getting approval on a new procedure for doing just that. If approved, we'll write a script that will query the last 4 digits of the users ssn & birthdate against our ERP software. So, for instance, if John Doe calls and requests a password change, we'll ask for the last 4 digits of the ssn and their birthdate, type it in the script, and see if that user's name is returned in the response. If so, we know (hopefully) that the user is who he says he is... Hope this helps... Gene... Robert Sieber wrote:Hello colleauges, imaging the following situation: User calls the helpdesk to reset/alter some kind of account-password (NT, RAS, PKI-PIN ...) and you has to determin wheter the user is the correct (owner of the account) user. What would you do to authentificate the users identity? What are good methodes to do this? It should be easy for the user but secure for the administration. Robert
-- ---..---..---..---..---..---..---..---..---..---..---..---..---- Valter Santos vsantola () devfusion net ||| http://devfusion.net/~vsantola/keys/ (@ @) ------------------------------------------oOO--(_)--OOo---------
Attachment:
signature.asc
Description: This is a digitally signed message part
Current thread:
- How to authentificate an user via telephon? Robert Sieber (Dec 04)
- Re: How to authentificate an user via telephon? Matthew McCleary (Dec 04)
- Re: How to authentificate an user via telephon? kawaii (Dec 04)
- RE: How to authentificate an user via telephon? securityfocus (Dec 04)
- Re: How to authentificate an user via telephon? Brad Arlt (Dec 04)
- Re: How to authentificate an user via telephon? Muhammad Naseer Bhatti (Dec 05)
- Re: How to authentificate an user via telephon? Brad Arlt (Dec 05)
- Re: How to authentificate an user via telephon? Muhammad Naseer Bhatti (Dec 05)
- Re: How to authentificate an user via telephon? Gene Barlow (Dec 05)
- Re: How to authentificate an user via telephon? Valter Santos (Dec 05)
- Re: How to authentificate an user via telephon? Gene (Dec 06)
- Re: How to authentificate an user via telephon? Valter Santos (Dec 05)
- RE: How to authentificate an user via telephon? Burton M. Strauss III (Dec 05)
- Re: How to authentificate an user via telephon? James W. Meritt (Dec 05)
- Re: How to authentificate an user via telephon? Marc Cuypers (Dec 05)
- Re: How to authentificate an user via telephon? J . Reilink (Dec 05)
- Re: How to authentificate an user via telephon? Richard Caley (Dec 05)
- Message not available
- Re: Switch and Hub Testing Project Julian Young (Dec 09)
- <Possible follow-ups>
- RE: How to authentificate an user via telephon? Bent.Mathiesen (Dec 04)
- Re: How to authentificate an user via telephon? Torsten Mueller (Dec 05)
- Re: How to authentificate an user via telephon? Margles Singleton (Dec 04)