RE: remote authentication

["Worrell, Brian" <BWorrell () isdh IN gov>]

So the users would call you, and over the network, you would change the
password of their device? 

What about a one time password system to Auth them?  Say it texts it to
a phone on record, and then they verify it with you over the call? 

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com]
On Behalf Of Lovena J Reddi
Sent: Wednesday, March 12, 2008 3:11 PM
To: 'Jacob Jennings'; 'Juan B'; security-basics () securityfocus com
Subject: remote authentication

Hi

 

I need to develop a process about remote authentication. I am looking a
way where I can reset someone password while being at client side n not
connecting over my network.

 

In fact I have safeboot installed on all machines and if a user report
that his safeboot account is disabled, I need to reset it but before
that I need to recognize that person.

 

Since voice recognition is not considered as adequate, I need to develop
a process to authenticate remote callers which will include combination
of personal information and one key question/answer.

 

Anyone can help me out to find an appropriate way beside voice.  Note
that this person will call for resetting password.