Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

RE: How to authentificate an user via telephon?

From: <securityfocus () ellermann com>
Date: Wed, 4 Dec 2002 10:02:28 -0700
One suggestion is:

Verify his name matches his physical desk location identification in your
records and call back the phone number you have on record to give them the
new temp password.

-----Original Message-----
From: rsieber () web de [mailto:rsieber () web de]
Sent: Tuesday, December 03, 2002 11:50 AM
To: security-basics () lists securityfocus com
Subject: How to authentificate an user via telephon?


Hello colleauges,

imaging the following situation:

User calls the helpdesk to reset/alter some kind
of account-password (NT, RAS, PKI-PIN ...) and you
has to determin wheter the user is the correct
(owner of the account) user. What would you do
to authentificate the users identity?

What are good methodes to do this? It should be
easy for the user but secure for the administration.


Robert

--
http://board.protecus.de - Firewalls, Security and more ...
Previous By Date Next
Previous By Thread Next

Current thread: